[Filter: smut] anonymous_hippo's post body matched "damn", board "splunk-search".
Post Subject: How to simply filter out text String from search results that has line breaks/return in it on SPLUNK Enterprise?
Post Body:
I'm really annoyed, I am using SPLUNK Enterprise and I'm literally tryin to parse out some JSON (basically a String) from my Splunk Logs that has linebreaks after each field/key in the JSON string result , i.e.
Some random search results here {
key1: value1
key2: value2
key3: value3
}, some log message here
.... Like .* and many other REGEX chars work just fine in the search for some damn reason I tried all combinations of [\r\n\s]+ and such and get 0 results despite it working just fine in regex101.com online sandbox environment
I think I read online from my searches that Splunk logs don't preserve the linebreaks, but if it doesn't do that, then what is the final result looking like then? because I tried querying with out whitespaces, or linebreaks, and every combination under the sun, and never got a "hit" back on my search results.
Also, I'm not using any of that REX crap as I don't need to extract anything; I just wanted to filter and maybe do a stats count on my results
Can anyone provide a simple solution please thank you!
Body text "damn" matched filter pattern "damn".
Post by User[id=237938,login=anonymous_hippo] has message uid 573934.
Link to post: How to simply filter out text String from search results that has line breaks/return in it on SPLUNK...
