×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
raj_tiwari
Engager
Member since: ‎02-23-2015
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎02-23-2015
View All

Re: No results found with Double quotes in a searc...

by in Dashboards & Visualizations
‎05-13-2015 10:54 AM
‎05-13-2015 10:54 AM
The query still does not return any results and unfortunately i cant provide a sample data set due to compliance. Its strange thats its no longer working when the query hasnt changed in years. I did make a small change replacing < > with < > due to the following error. Error in 'rex' command: Encountered the following error while compiling the regex ' -(?<User>[^@]+@.*)- User is logged in.': Regex: syntax error in subpattern name (missing terminator) sourcetype=SPLUNK_REVEAL_METRICS "User is logged in." | rex field=_raw " -(?&lt;User&gt;[^@]+@.*)- User is logged in." | bucket span=1d _time | chart count by User _time ... View more

No results found with Double quotes in a search

by in Dashboards & Visualizations
‎05-12-2015 05:23 PM
1 Karma
‎05-12-2015 05:23 PM
1 Karma
Hi, Im having issues running 3 searches that previously worked and strangely enough by removing the double quotes on one search it worked. Search 1. Not working sourcetype=“SPLUNK_REVEAL_METRICS" "User is logged in." | rename date_mday as MonthDay | rename date_year as Year | rename date_month as Month | stats count as "Logins" by Year,Month,MonthDay Search 1. Now Working sourcetype=SPLUNK_REVEAL_METRICS | rename date_mday as Day | rename date_month as Month | rename date_year as Year | stats count as "Logins" by Day,Month,Year Not working Search 2 & 3 sourcetype=SPLUNK_REVEAL_METRICS | rename date_mday as Day | rename date_month as Month | rename date_year as Year | stats count as "Logins" by Day,Month,Year sourcetype="SPLUNK_REVEAL_METRICS" "User is logged in." | rex field=_raw " -(?&lt;User&gt;[^@]+@.*)- User is logged in." | eval Transaction_Date=strftime(strptime(date_year."-".date_month."-".date_mday,"%Y-%B-%d"),"%Y-%m-%d") | chart count by User Transaction_Date Any clues as to this behaviour? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All