Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

can you help me with regex

tulusoy
New Member
‎03-01-2019 04:33 AM

Hi,
I have a search with regex 

ERROR   * | rex ".*?(?(?:\w+\.)+\w*?Exception).*"    | stats sparkline  count by exception |sort count desc

should I change limits.conf or change regex ?
Can you help me.

Thank you

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

chrisyounger
SplunkTrust
SplunkTrust
‎03-01-2019 12:00 PM

Try this:

ERROR * | rex "(?<exception>\S+Exception)" | stats sparkline count by exception |sort count desc

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

chrisyounger
SplunkTrust
SplunkTrust
‎03-01-2019 12:00 PM

Try this:

ERROR * | rex "(?<exception>\S+Exception)" | stats sparkline count by exception |sort count desc

0 Karma
Reply
Solved! Jump to solution

tulusoy
New Member
‎03-08-2019 06:36 AM

thank you vey much. It runs

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎03-01-2019 11:56 AM

What's the problem here?

0 Karma
Reply
Solved! Jump to solution

damann
Communicator
‎03-01-2019 10:46 AM

Could you provide a sample positive event ? Btw. your regex is broken...

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎03-01-2019 05:02 AM

@tulusoy while posting code use the code button ( 101010 ) on Splunk Answers so that special characters do not escape.

You can also use shortcut Ctrl+K after selecting the code.

Or else add four spaces before each line of code and ensure to hit enter twice before writing first line of code so that there is a line gap between text and code. (Usually preview mode on Splunk Answer shows you how your final post will appear after submit.)

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...