Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Why am I getting "Argument 'value' contains in...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
zharkov83
Engager
02-04-2016
01:19 AM
I'm trying to extract a log level field from my file using regex. I've tried different searches, including automatically generated by the system, but always have the same error:
In handler 'props-extract': Argument 'value' contains invalid character : ^(?:[^\]\n]*\]){2}\[\[\d+;\d+m(?<Level>\w+)\[\d+;\d+\w+\s+\]
Log line looks like this:
[2016-02-04 03:48:04,989][MNG ][[1;31mERROR[1;0m ][Service Manager] No camera settings in Set_CV_Camera_Settings event
When I use Search page and generate request - it's Ok:
index=* OR index=_* sourcetype=cv_manager_supervisor | rex field=_raw "(?ms)^(?:[^\\]\\n]*\\]){2}\\[\\[\\d+;\\d+m(?<Level>\\w+)\\[\\d+;\\d+\\w+\\s+\\]" offset_field=_extracted_fields_bounds | search Level=ERROR | rex field=_raw "^[^\\]\\n]*\\]\\[(?P<ProcessName>[^\\]]+)" offset_field=_extracted_fields_bounds0
Result on Search page:
[2016-02-04 03:48:06,353][MNG ][[1;31mERROR[1;0m ][Service Manager] No camera settings in Set_CV_Camera_Settings event
Level = ERROR ProcessName = MNG sourcetype = cv_manager_supervisor
Splunk version = 6.3.2
Please help....
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
02-04-2016
08:07 AM
Try this as your field extraction regex
^(?:[^;]+);(\d+)m(?P<Log_Level>\w+)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
02-04-2016
08:07 AM
Try this as your field extraction regex
^(?:[^;]+);(\d+)m(?P<Log_Level>\w+)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
zharkov83
Engager
02-04-2016
08:30 AM
Great! Thank you very much! It's work for my case very well! )
But i still do not understand why my regexp don't work 😞
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Get Updates on the Splunk Community!
Tech Talk Recap | Mastering Threat Hunting
Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...
Observability for AI Applications: Troubleshooting Latency
If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...
