
search "** ERROR =>"

snabel
Path Finder

Hi,

I want to search for this string in a Splunk index,
but I keep getting wrong results. I guess it has to do with **. How can I overcome this?

Thanks,
Snabel

0 Karma

lguinn2
Legend

Use this

error
| regex _raw="\*\*\sERROR\s\=\>"

The first line searches for any event that has "error" in it, providing a first approximation to what you want. The second line uses a regular expression to find exactly the string "** ERROR =>". Note that '\s' denotes whitespace. If there are no spaces in the string, remove the \s.

HTH

martin_mueller
SplunkTrust

If you're looking for "** ERROR =>" OR "** ERROR" then you're really just looking for "** ERROR" because that already matches the one with the ASCII arrow. Here's a modified version of lguinn's search which matches both examples for me:

ERROR | regex _raw="\*\*\sERROR\s"
0 Karma
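
An added example, not part of any post in this thread: the two `regex` patterns above run over constructed log lines, to show which events each one keeps. The keyword stage is a simplified, case-insensitive substring stand-in for Splunk's term match, and the `SPACES_OPTIONAL` pattern is an assumed variant covering the "no spaces" case lguinn2 mentions.

```python
import re

# Constructed sample events, modelled on the strings quoted in the thread.
EVENTS = [
    "| ** ERROR => SOMETHING **|",
    "| ** ERROR **|",
    "SWI_JS_SCRIPT_ERROR in handler",
    "Error while loading page",
    "request finished without error",
    "|**ERROR=>SOMETHING**|",  # same marker written without spaces
]

ARROW_ONLY = r"\*\*\sERROR\s\=\>"    # lguinn2's pattern
EITHER_FORM = r"\*\*\sERROR\s"       # martin_mueller's pattern
SPACES_OPTIONAL = r"\*\*\s*ERROR"    # assumed variant, not from the thread


def two_stage(events, keyword, pattern):
    """Approximate `<keyword> | regex _raw="<pattern>"`.

    Stage 1 keeps events containing the keyword, ignoring case
    (a simplification of Splunk's indexed term match).
    Stage 2 keeps events where the case-sensitive regex matches anywhere.
    """
    rx = re.compile(pattern)
    stage1 = [e for e in events if keyword.lower() in e.lower()]
    return [e for e in stage1 if rx.search(e)]


def report():
    """Return the surviving events for the keyword alone and for each pattern."""
    return {
        "keyword_only": [e for e in EVENTS if "error" in e.lower()],
        "arrow_only": two_stage(EVENTS, "error", ARROW_ONLY),
        "either_form": two_stage(EVENTS, "error", EITHER_FORM),
        "spaces_optional": two_stage(EVENTS, "error", SPACES_OPTIONAL),
    }


if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name}: {len(hits)} event(s)")
        for hit in hits:
            print("    " + hit)
```

The keyword alone keeps every sample line, including `SWI_JS_SCRIPT_ERROR`; only the regex stage narrows the result to the `**`-marked events.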

snabel
Path Finder

Because I think the logs will contain the following log prints:

| ** ERROR => SOMETHING **| or | ** ERROR **|

I thought to search for any string that looks like this:

 ** ERROR => or ** ERROR

Maybe there is a better way to look for these patterns; I'm really open to any suggestions.

Thanks,
Snabel

0 Karma

linu1988
Champion

Why don't you only search "ERROR =>"? What is the significance of the **?

0 Karma

snabel
Path Finder

Thanks all, but it's still not working.

Here are the log prints I have in NR9 nss.log:

| ** ERROR => SOMETHING **|

That's what I'm trying to search.

Thanks,
Snabel

0 Karma

snabel
Path Finder

Hi,
It didn't work.
I wrote this in the search bar: index=* ** ERROR=>*

and I got the following results:

SWI_JS_SCRIPT_ERROR
Error
error
** ERROR =>

while I only wanted this:
** ERROR =>

Is there a way to escape special characters in the Splunk search bar in version 5.0.1?

Thanks,
Snabel

0 Karma

splunker12er
Motivator

Did you try searching like this:

index=* **ERROR=>*
0 Karma

snabel
Path Finder

I'm working with Splunk version 5.0.1.

0 Karma