×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Villo
Observer
Member since: ‎05-14-2021
‎05-19-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-14-2021
Activity Feed
Topics I've Started
View All

Re: Too long query?

by in Splunk Search
‎05-17-2021 05:50 AM
‎05-17-2021 05:50 AM
Hello. Unfortunatelly not. I have lots of similar error messages but to different error codes as well. I was thinking about to delete those, which are not appearing anymore in the logs, but I a afraid I would not be able to get a significant change.  😞 ... View more

Re: Too long query?

by in Splunk Search
‎05-14-2021 04:11 AM
‎05-14-2021 04:11 AM
Hello, and thank you for your answer.  This query has been created to identify the number of errors identified by several conditions (at some point even 3 or 4 conditions). I made all of them like this:  | eval errorTypes=case(like(_raw,("%logFaultyResponse:291%could not execute statement%OBN:01234: invalid data in field=blablabla%"), "logFaultyResponse:291 - could not execute statement, OBN:01234: invalid data in field=blablabla",. like(_raw("%logFaultyResponse:291%could not execute statement%OBN:01235: invalid userID%"), "logFaultyResponse:291 - could not load user data, OBN:01235: invalid userID"....etc in the next 378 rows)   Unfortunatelly we have different kinds of logs. i can't really make a query or a pattern for rex field to extract all of them, their positioning is pretty unique. some of them have a field  like errorMessage, or errorDescription, but whenever I want to use these I get only the first word of a whole sentence, and no reasoning (yes some of them has even a reason field) etc. ... View more

Too long query?

by in Splunk Search
‎05-14-2021 03:27 AM
‎05-14-2021 03:27 AM
Hi, I have an issue with a query of mine.  The length of it is exactly 378 lines, and however I managed to save it on my dashopard without any problems. Now I can not open  it from there. Always shows to me a "connection reset" blank page when I try to open it. I guess it is because my query is too long (it has hundreds of "like" conditions in it.  In case of other queries I  don't experience such issue.   I have saved the query into a word document, and whenever I run it, it runs perfectly, no problems with that. Could you tell me please what can I do in such case, when I have this long query? And what is the maximum length of a query?    Thank you in advance 🙂  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-19-2021 11:56 AM