×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
tbeason
Engager
Member since: ‎06-16-2020
‎06-19-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎06-16-2020
View All

Re: Different results when search is run in web UI...

by in Splunk Search
‎06-19-2020 12:22 PM
‎06-19-2020 12:22 PM
What ended up making the search work from python was to explicitly add "RequestTime" to the regex.  For some reason it worked without it on the web UI. rex field=_raw ".*?\\t.*?\\t.*?\\t.*?\t(?<Method>\w+)\s/(?<URI>.+?)\sHTTP.+?\\t.*?\\t(?<Status>.+?)\\t.*?\\t.*?\\t.*?\\t.*?\\t(?<RequestTime>.+?)\s" ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-19-2020 06:29 PM
Karma given to
View All