I'm running into an issue with the syntax for a CLI search using erex.
The problem seems to be with the double quotes. I've tried single quoting the erex examples and counter examples, but none of it seems effective.
This search works in the GUI:
index=name searchterm NOT otherterm |erex message examples="/foo/bar,/foobar" counterexamples="barfoo, foobar" |table item1,item2,item3,item4,item5 |uniq |sort item3
In the CLI I've tried it a couple of different ways, and the closest I've gotten to a working search is:
index=name searchterm NOT otherterm |erex message examples='/foo/bar,/foobar' counterexamples='barfoo, foobar' |table item1,item2,item3,item4,item5 |uniq |sort item3
the CLI search results in "INFO: No matching fields exist"
Do any of you know what I'm doing wrong here?
Thanks!
↧