×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
AttarSingh1
Explorer
Member since: ‎09-12-2022
‎02-23-2023
Community Statistics
Posts 5
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎09-12-2022
Activity Feed
View All

Expanding data within my eval search

by in Splunk Search
‎02-23-2023 07:06 AM
‎02-23-2023 07:06 AM
index=data severity IN ("critical","high","medium","low") | eval TopHost = [ search index=tenable severity IN ("critical","high","medium","low") | where len(dnsName)>0 | dedup dnsName,solution | dedup dnsName,pluginText | rex field=pluginName "^(?<VulnName>(?:\w+\s+){2})" | dedup dnsName,VulnName | top limit=1 dnsName | rename dnsName as query | fields query | head 1] | where dnsName=TopHost | table dnsName, ip   My query above works, but missing one thing. Right now it is getting the first result ( using head command ). I am trying to do first 5 results and store that to my eval variable. I tried to change head 5 but got errors. Any help is appreciated. Thanks Attached error ... View more
Labels

Re: Regex help, using ^ character

by in Splunk Search
‎09-12-2022 02:56 PM
‎09-12-2022 02:56 PM
can you explain what the (?m) does   everything works with this. thanks a bunch ... View more

Re: Regex help, using ^ character

by in Splunk Search
‎09-12-2022 01:04 PM
‎09-12-2022 01:04 PM
Do you have any ideas on how to set regex flags /gm, in splunk. Unsure if you need to. but thats what regex101 made me do. so maybe thats the missing piece ... View more

Re: Regex help, using ^ character

by in Splunk Search
‎09-12-2022 01:01 PM
‎09-12-2022 01:01 PM
Thanks that did take care of the error, but my variable isnt storing value. ... View more

Regex help, using ^ character

by in Splunk Search
‎09-12-2022 12:47 PM
‎09-12-2022 12:47 PM
Hey,   I was trying to filter some search data in splunk using regex. I was able to figure the regex part. However when I try to input into splunk, i get an error.  Error in 'SearchParser': Missing a search command before '\'. Error at position '321' of search query 'search index=nessus [ search index=nessus ...{snipped} {errorcontext = <paths>^([\w]+[^\w\r\}'.   Splunk command : | rex field=pluginText (?<paths>^([\w]+[^\w\r\n]+){2}[\w]+) regex link : regex101: build, test, and debug regex ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-23-2023 10:27 AM
Karma given to
View All