×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
BongoNations
Explorer
Member since: ‎01-05-2023
‎01-06-2023
Community Statistics
Posts 6
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎01-05-2023
Activity Feed
View All

Re: Error in 'SearchParser': Mismatched ']'

by in Splunk Dev
‎01-06-2023 07:16 AM
‎01-06-2023 07:16 AM
Thanks I ran this query and it worked, but the output was basically everything, all text from the query lines. The usernames after sblogin/ were not specifically outputted on their own? source="test.csv" | rex field=raw_line "sblogin/(?<extracted_string>[^\"]+)" | eval extracted_string=substr(extracted_string, 9) I was hope to just see all the usernames and nothing else? ... View more

Re: Error in 'SearchParser': Mismatched ']'

by in Splunk Dev
‎01-06-2023 06:30 AM
‎01-06-2023 06:30 AM
Even with one backslash I get the same error source="test.csv" | rex field=raw_line "sblogin/([^\"]+)" | eval extracted_string=substr(extracted_string, 9) Error in 'rex' command: The regex 'sblogin/([^\"]+)' does not extract anything. It should specify at least one named group. Format: (?<name>...) ... View more

Re: Error in 'SearchParser': Mismatched ']'

by in Splunk Dev
‎01-06-2023 06:05 AM
‎01-06-2023 06:05 AM
Thanks Rich I just tried that and got this error Error in 'rex' command: The regex 'sblogin/([^\"]+)' does not extract anything. It should specify at least one named group. Format: (?<name>...) ... View more

Why the error in 'SearchParser': Mismatched ']' wh...

by in Splunk Dev
‎01-06-2023 04:55 AM
‎01-06-2023 04:55 AM
Hi All, thanks for clicking on the question This search works fine in Linux using grep, but I can't get it to work in Splunk. Please can you help.. I have imported a test.csv file that has many lines like the following [ERROR] 2023/01/05 16:53:05 [!] Get "https://test.co.uk/sblogin/username": context deadline exceeded (Client.Timeout exceeded while awaiting headers)   I am simply just to trying to extract the username field after sblogin/ and nothing else after the "   This is the query I have tried that gives the Error in 'SearchParser': Mismatched ']' source="test.csv" | rex field=raw_line "sblogin/([^"]+)" | eval extracted_string=substr(extracted_string, 9)   ... View more
Labels

Re: Why is SPL receiving error?

by in Splunk Search
‎01-05-2023 12:48 PM
‎01-05-2023 12:48 PM
Its ok I saw the problem was due to the character " I copied and pasted from cherry tree into Splunk and Splunk did not like that.. I had to type the " again ... View more

Why is SPL receiving error?

by in Splunk Search
‎01-05-2023 11:58 AM
‎01-05-2023 11:58 AM
Hi I have this SPL query but getting this error? Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name]+. Any ideas why or how to resolve this please? | tstats count where index=os earliest=-7d latest=-3h by host, _time span=3h | stats median(count) as median by host | join host [| tstats count where index=os earliest=-3h by host] | eval percentage_diff=((count/median)*100)-100 | where percentage_diff<-5 OR percentage_diff>5 | sort percentage_diff | rename median as “Median Event Count Past Week”, count as “Event Count of Events Past 3 Hours”, percentage_diff as “Percentage Difference”   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-06-2023 06:17 PM