Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Rex command issue in splunk views
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Rex command issue in splunk views
Hi,
i am using the below search command in a splunk view as given below.
index=re sourcetype="clearcase_Log" "Trouble opening VOB database" earliest=-7d |rex field=_raw ".vbstore/(?
stats count as "ERROR INSTANCES" by vob
***Error in 'rex' command: Encountered the following error while compiling the regex '.*vbstore/(?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When you're enclosing the tags that are causing you trouble in an XML document, they are interpreted as part of the XML data rather than as part of the rex command. To specify that these tags are not referring to the XML structure, use the special escaping sequence "<![CDATA[" at the beginning of your string and its corresponding end sequence "]]>" at the end. Example here: http://splunk-base.splunk.com/answers/30157/inputlookup-in-view-with-rex
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Awesome. Could you please mark my answer as accepted? Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This works now.. grt thank you . I had left an extra special char.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also your extraction probably doesn't extract what you want. You likely want .vbstore/(?<vob>.+?)\.vbs
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you using a space after the ( character? You shouldn't, it's incorrect syntax and would cause Splunk to throw that error.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
doesnt work for CDATA also
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Error in 'rex' command: Encountered the following error while compiling the regex '.vbstore/(?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i mean i tried to use (without spaces)
"& l t ;" for < and "& g t ;" for > but failed
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Casting Call: Compete in Cyber Games
Announcing Modern Navigation: A New Era of Splunk User Experience
How Edge Processor's Durable Queue Works
