[Filter: smut] anonymous_hippo's post body matched "damn", board "splunk-search".
Post Subject: How to simply filter out text String from search results that has line breaks/return in it on SPLUNK Enterprise?
Post Body:
I'm really annoyed. I am using SPLUNK Enterprise and I'm literally trying to parse out some JSON (basically a String) from my Splunk logs that has line breaks after each field/key in the JSON string result, i.e. Some random search results here { key1: value1 key2: value2 key3: value3 }, some log message here
.... Like .* and many other REGEX chars work just fine in the search for some damn reason. I tried all combinations of [\r\n\s]+ and such and get 0 results despite it working just fine in the regex101.com online sandbox environment.
I think I read online from my searches that Splunk logs don't preserve the line breaks, but if it doesn't do that, then what is the final result looking like then? Because I tried querying without whitespaces, or line breaks, and every combination under the sun, and never got a "hit" back on my search results.
Also, I'm not using any of that REX crap as I don't need to extract anything; I just wanted to filter and maybe do a stats count on my results.
Can anyone provide a simple solution, please? Thank you!
Body text "damn" matched filter pattern "damn".
Post by User[id=237938,login=anonymous_hippo] has message uid 573934.
Link to post: How to simply filter out text String from search results that has line breaks/return in it on SPLUNK...