Re: Using regex for URI search

ghildiya · ‎07-29-2020

I have the following query to search results which contain a specific rest endpoint which has a UUID path parameter:

.... | regex requestURI="/baseurl/\b[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\b

But it seems to be wrong. Error is :

Unknown search command '0'.

What is the mistake I am making here?

richgalloway · ‎07-29-2020

Splunk appears to be interpreting part of your regular expression as a subsearch. Make sure the expression is enclosed in quotation marks and any embedded quotation marks are escaped.

---
If this reply helps you, Karma would be appreciated.

ghildiya · ‎07-29-2020

I tried this:

.... | regex requestURI=*/baseurl/\"[0-9a-f]{8}\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\b[0-9a-f]{12}\"*

But this too doesn't work.

richgalloway · ‎07-30-2020

The regex command is still missing the enclosing quotation marks.

---
If this reply helps you, Karma would be appreciated.

Why am I getting this error when using regex for URI search?

regex

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Join the Conversation