Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Stats command error

yasit
Explorer
‎10-16-2023 04:08 AM

index=abcd | stats count(eval(searchmatch(''https://drive.google.com/uc?export=download&id=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X'))) as ''https://drive.google.com/uc?export=download&id=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X'  OR count(eval(searchmatch('value2')))  as 'value2'

I'm getting this error:

Error in 'stats' command: The argument '''https://drive.google.com/uc?export=download&id=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X'' is invalid.
 
 
this works fine with many other URLs and ips, is there any special character that is not allowed with stats?
Labels (6)
0 Karma
Reply

bowesmana
SplunkTrust
SplunkTrust
‎10-24-2023 07:17 AM

Your quotes before the http appear to be two SINGLE quotes rather than a double quote. Once you fix that you get a different error about dynamic fields and it looks like it doesn't like the $ sign in the searchmatch string.

 

0 Karma
Reply

yasit
Explorer
‎10-24-2023 07:32 AM

what can be the solution here as I'm creating this query dynamically with format and giving as an input to base query. 
how can i escape these special charachters

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎10-24-2023 07:59 AM

Please share your full search as the advice already given seems to fix the apparent errors in your example.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-16-2023 08:36 AM

The string following "AS" should be a valid field name or a partial field name with a wildcard.  You can rename the field to something more verbose later in the query using rename.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

somesoni2
Revered Legend
‎10-16-2023 08:33 AM

The equal sign might be causing issues, escape them with backward slash. Also, the OR keyword between two stats fields is invalid, remove it.

index=abcd | stats count(eval(searchmatch("https://drive.google.com/uc?export\=download&id\=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X"))) as "https://drive.google.com/uc?export=download&id=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X"   count(eval(searchmatch("value2")))  as "value2"
0 Karma
Reply

yasit
Explorer
‎10-24-2023 12:55 AM

@somesoni2 still the stats command is raising the error while escaping the with \
error: The argument ''The argument ''https://abc.......?export\=download&id\=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X'' is invalid."is invalid.

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...