Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Searching for fields after pipeline

balidani
Explorer
‎05-12-2012 05:13 AM

Hello!

When I run the following search it works perfectly:

inc=* | head 2

However if the search is after a pipeline I get an error:

http 200 | inc=* | head 2

The error I get is:

Search operation 'inc' is unknown. You might not have permission to run this operation.

What am I doing wrong?
Thanks in advance!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎05-12-2012 05:33 AM

When you pipe to something it need an actual splunk command. So you could do this http 200 | search inc=* | head 2. However you should always limit the search before piping to a command so "http 200 inc=* | head 2" would be the search you want.

View solution in original post

Reply
Solved! Jump to solution
Solution

sdaniels
Splunk Employee
Splunk Employee
‎05-12-2012 05:33 AM

When you pipe to something it need an actual splunk command. So you could do this http 200 | search inc=* | head 2. However you should always limit the search before piping to a command so "http 200 inc=* | head 2" would be the search you want.

Reply
Solved! Jump to solution

balidani
Explorer
‎05-12-2012 06:07 AM

Thank you! This is what I was looking for, I didn't realise I can do it without a pipe between http 200 and inc=...

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...