Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About jymmitch
jymmitch
Path Finder
Member since:
03-31-2022
04-08-2022
Community Statistics
| Posts | 17 |
| Solutions | 1 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 03-31-2022 |
Activity Feed
- Posted Re: Search not returning results on Splunk Search. 04-08-2022 06:49 AM
- Karma Re: Search not returning results for PickleRick. 04-08-2022 06:49 AM
- Posted Re: Search not returning results on Splunk Search. 04-07-2022 02:53 PM
- Posted Re: Search not returning results on Splunk Search. 04-07-2022 02:12 PM
- Posted Re: Search not returning results on Splunk Search. 04-07-2022 01:49 PM
- Posted Re: Search not returning results on Splunk Search. 04-07-2022 01:46 PM
- Posted Re: Search not returning results on Splunk Search. 04-07-2022 01:11 PM
- Posted Why is my Search not returning results? on Splunk Search. 04-07-2022 12:52 PM
- Posted Re: Error when searching log text that contains a line break on Splunk Search. 04-01-2022 01:17 PM
- Posted Re: Error when searching log text that contains a line break on Splunk Search. 04-01-2022 11:34 AM
- Posted Re: Error when searching log text that contains a line break on Splunk Search. 04-01-2022 09:27 AM
- Posted Re: Error when searching log text that contains a line break on Splunk Search. 04-01-2022 09:26 AM
- Tagged Re: Error when searching log text that contains a line break on Splunk Search. 04-01-2022 09:26 AM
- Posted Re: Error when searching log text that contains a line break on Splunk Search. 04-01-2022 06:00 AM
- Posted Re: Error when searching log text that contains a line break on Splunk Search. 03-31-2022 02:20 PM
- Posted Re: Error when searching log text that contains a line break on Splunk Search. 03-31-2022 02:16 PM
- Posted Re: Error when searching log text that contains a line break on Splunk Search. 03-31-2022 02:15 PM
- Tagged Error when searching log text that contains a line break on Splunk Search. 03-31-2022 12:51 PM
- Posted Error when searching log text that contains a line break on Splunk Search. 03-31-2022 12:37 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
04-07-2022
02:53 PM
I have other searches that work where the regex matches over two lines. The only difference between those and this one is the fact that this one includes a datestamp (the others don't).
... View more
04-07-2022
02:12 PM
There is a timestamp preceding the text in my main search, but there is also a timestamp that follows it. I'm only searching from the main search text forward: raw log text: store license for Store 123456 2022-04-07 19:17:44,360 ERROR path not found index=* host="storelog*" "store license for " |rex field=_raw "Store\s123456\n\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}\,\d{3}\s(?P<errortext>.*)path" | stats count by errortext Based on my search, I would think splunk should recognize the "store license for " text, then recognize the single whitespace, then recognize the "Store\s123456" text in the regex, then recognize the newline (\n), then recognize the date/timestamp, and finally set errortext field to ERROR.
... View more
04-07-2022
01:49 PM
I added "Store 123456" to main search and removed it from regex, but still get "no results found."
... View more
04-07-2022
01:11 PM
I took off the stats command and reran the search, but the errortext field is NOT in the events.
... View more
04-07-2022
12:52 PM
Here's the text string from the log I'm searching:
store license for Store 123456 2022-04-07 19:17:44,360 ERROR path not found
Here's my splunk search:
index=* host="storelog*" "store license for " |rex field=_raw "Store\s123456\n\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}\,\d{3}\s(?P<errortext>.*)path" | stats count by errortext
Why am I getting the following when I search?
No results found.
... View more
04-01-2022
01:17 PM
When I try something like that where all the data is on one line in the logs, I get results. When the data is on separate lines in the logs, I get no results in my search.
... View more
04-01-2022
11:34 AM
That "should" have worked, but didn't. I still get "no results found." For some reason, it doesn't seem to recognize (or acknowledge) the \n.
... View more
04-01-2022
09:27 AM
I think a slightly tweaked version of this will work.
... View more
04-01-2022
09:26 AM
I think a slightly tweaked version of this will work.
... View more
04-01-2022
06:00 AM
I'll give it a try today, thanks!
... View more
03-31-2022
02:20 PM
Here are two examples from logs... store license for Store 123456 2022-03-27 02:01:59,649 [XNIO-2 task-3] ERROR hostnane is null store license for Store 234567 2022-03-27 00:02:22,566 [XNIO-2 task-7] INFO com. I want to find only store numbers that are followed by the error text
... View more
03-31-2022
02:16 PM
Not sure, but the line break in the log seems to be messing me up: "store license for Store 123456 2022-03-27 02:01:59,649 [XNIO-2 task-3] ERROR"
... View more
03-31-2022
02:15 PM
I'm trying to find every occurrence of the store number in the logs that is followed by a specific error text. That "ERROR" in my sample is just the first word in the error string. There are other occurrences of that store number in the logs, but I want to find only those that are followed by the specific error text. I know that I'll also have to deal with the date/time stamp, but for now I'm just trying to figure out to write the search query to find that hardcoded value.
... View more
03-31-2022
12:37 PM
Sample text from a log that I'm searching:
"store license for Store 123456 2022-03-27 02:01:59,649 [XNIO-2 task-3] ERROR"
I'm trying to search for, and return, a store number that's associated with a particular error. The following search successfully returns the store number (and count):
index=* host="log*" "store license for" | rex field=_raw "Store\s(?P<storenumber>.*)" | stats count by storenumber
But when I try to search for the storenumber along with error string that follows it, I get "no results found." Here's the search i'm trying:
index=* host="log*" "store license for" | rex field=_raw "Store\s(?P<storenumber>.*)[\r\n]+2022\-03\-27\s02:01:59,649\s\[XNIO-2\stask-3\]\sERROR" | stats count by storenumber
Splunk doesn't seem to like the newline character. I've tried \n and [r\n\] and others, but all with the same incorrect results.
... View more
- Tags:
- search
Labels
- Labels:
-
regex
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-08-2022
04:58 PM
|
