Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is search syntax highlighting not working in Splunk 6.5.2?

sylim_splunk
Splunk Employee
Splunk Employee
‎03-20-2017 03:03 PM

Our search heads syntax highlighting does not function for any of search commands. This is with search_syntax_highlighting = true for the user prefs. I'm on Splunk version 6.5.2.

[general]
search_syntax_highlighting = 1
search_assistant = compact
infodelivery_enabled = 0
infodelivery_show_ad_modal = 1
infodelivery_show_configure_modal = 1
datasets:showInstallDialog = 1

What I do see if I look at the browser console output is this:

Uncaught TypeError: Cannot read property 'forEach' of undefined
at SPLHighlightRules.buildCommandTokens (https://mysearchhead:8000/en-US/static/@67571ef4b87d/js/contrib/ace-editor/mode-spl.js:20:27)
at SPLHighlightRules.buildRules (https://mysearchhead:8000/en-US/static/@67571ef4b87d/js/contrib/ace-editor/mode-spl.js:82:76)
at new SPLHighlightRules (https://mysearchhead:8000/en-US/static/@67571ef4b87d/js/contrib/ace-editor/mode-spl.js:339:10)
... SNIP ...
at _require (eval at module.exports (https://mysearchhead:8000/en-US/static/@A0893C21C54BF1F3227A8F08…2162F01813C1C30FC75598EC33A535BB920...), :88:37)
at req (eval at module.exports (https://mysearchhead:8000/en-US/static/@A0893C21C54BF1F3227A8F08…2162F01813C1C30FC75598EC33A535BB920...), :138:24)

alt text

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sylim_splunk
Splunk Employee
Splunk Employee
‎03-20-2017 03:19 PM

This case turned out to be caused by malformatted searchbnf.conf in a few custom apps, like it lacks mandatory field of "SYNTAX". - If you have the same issue I would recommend you to check if you have custom searchbnf.conf - Strangely, the small mistakes affect the whole feature to stop working which will be improved in the next version of 6.5.4 onward - it would ignore and work around the mistakes and continue to work for the other good commands.

View solution in original post

Reply
Solved! Jump to solution
Solution

sylim_splunk
Splunk Employee
Splunk Employee
‎03-20-2017 03:19 PM

This case turned out to be caused by malformatted searchbnf.conf in a few custom apps, like it lacks mandatory field of "SYNTAX". - If you have the same issue I would recommend you to check if you have custom searchbnf.conf - Strangely, the small mistakes affect the whole feature to stop working which will be improved in the next version of 6.5.4 onward - it would ignore and work around the mistakes and continue to work for the other good commands.

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...