I am trying to use a simple regex to find clients with specific IPs. My regex looks like
status=404 | regex host=*10.\d\d\d.\d\d\d.\d\d\d*
When I run the search in Splunk it gives me an error which looks like -
Error in 'SearchOperator:regex': The regex '*10.\d\d\d.\d\d\d.\d\d\d*' is invalid. nothing to repeat.
I am completely new to Splunk. So, any help is appreciated.
Depending on what you're trying to do you might be better off just searching for the IP addresses than using the regex command.
status="404" host="10.*"
The prior poster gave good advice about an additional problem. The particular error shown, "nothing to repeat", was referring to the use of an asterisk as the first character. The asterisk means "zero or more of the preceding token" (e.g. the most recent discrete thing just to the left of the asterisk). Because the given regex started with an asterisk, Splunk threw an error because there was nothing to the left of the asterisk to repeat.
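Added example, not part of the original thread: the posted pattern reproduced in Python, whose `re` module stands in here for Splunk's regex engine (an assumption; both report "nothing to repeat" for a leading asterisk). The `FIXED` pattern, the Splunk search in the comment and the sample host values are constructed for illustration. The example goes one step beyond the thread by showing that removing the asterisks alone still leaves unescaped dots and fixed three-digit octets.

```python
import re

# Pattern exactly as posted in the question: glob-style asterisks, unescaped dots.
POSTED = r"*10.\d\d\d.\d\d\d.\d\d\d*"

# Same pattern with only the leading/trailing asterisks removed.
STRIPPED = POSTED.strip("*")

# Assumed correction: anchored, dots escaped, 1-3 digits per octet.
# Assumed equivalent Splunk search (not run here):
#   status=404 | regex host="^10\.\d{1,3}\.\d{1,3}\.\d{1,3}$"
FIXED = r"^10\.\d{1,3}\.\d{1,3}\.\d{1,3}$"

# Constructed sample host values, not taken from the thread.
SAMPLE_HOSTS = [
    "10.123.045.200",   # 10.x address with three-digit octets
    "10.1.2.3",         # 10.x address with short octets
    "110.123.123.123",  # not a 10.x address, but contains "10."
    "10x123y123z123",   # not an IP at all
    "192.168.10.5",     # different network
]


def compile_error(pattern):
    """Return the regex engine's error message, or None if the pattern compiles."""
    try:
        re.compile(pattern)
    except re.error as exc:
        return exc.msg
    return None


def matching_hosts(pattern, hosts):
    """Return the hosts the pattern matches anywhere in the value (unanchored search)."""
    rx = re.compile(pattern)
    return [h for h in hosts if rx.search(h)]


if __name__ == "__main__":
    print("posted  :", compile_error(POSTED))
    print("stripped:", matching_hosts(STRIPPED, SAMPLE_HOSTS))
    print("fixed   :", matching_hosts(FIXED, SAMPLE_HOSTS))
```

The stripped pattern misses `10.1.2.3` and accepts `110.123.123.123` and `10x123y123z123`, which is why the anchors and escaped dots matter when filtering logs by client address.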