@@ -29,8 +29,9 @@ class SplunkTokenizer(QueryTokenizer):
2929num_value_pattern = r"(?P<num_value>\d+(?:\.\d+)*)\s*"
3030double_quotes_value_pattern = r'"(?P<d_q_value>(?:[:a-zA-Z\*0-9=+%#\-_/,\'\.$&^@!\(\)\{\}\s]|\\\"|\\)*)"\s*'
3131single_quotes_value_pattern = r"'(?P<s_q_value>(?:[:a-zA-Z\*0-9=+%#\-_/,\"\.$&^@!\(\)\{\}\s]|\\\'|\\)*)'\s*"
32- _value_pattern = fr"{ num_value_pattern } { double_quotes_value_pattern } { single_quotes_value_pattern }
33- multi_value_pattern = r"""\((?P<value>[:a-zA-Z\"\*0-9=+%#\-_\/\\'\,.&^@!\(\s]*)\)"""
32+ no_quotes_value = r"(?P<no_q_value>(?:[:a-zA-Z\*0-9=+%#\-_/,\.\\$&^@!])+)\s*"
33+ _value_pattern = fr"{ num_value_pattern } { no_quotes_value } { double_quotes_value_pattern } { single_quotes_value_pattern }
34+ multi_value_pattern = r"""\((?P<value>[:a-zA-Z\"\*0-9=+%#\-_\/\\'\,.&^@!\(\s]+)\)"""
3435keyword_pattern = double_quotes_value_pattern
3536
3637multi_value_operators = ("in" ,)
@@ -40,6 +41,9 @@ def get_operator_and_value(self, match: re.Match, operator: str = OperatorType.E
4041if num_value := get_match_group (match ,group_name = 'num_value' ):
4142return operator ,num_value
4243
44+ elif no_q_value := get_match_group (match ,group_name = 'no_q_value' ):
45+ return operator ,no_q_value
46+
4347elif d_q_value := get_match_group (match ,group_name = 'd_q_value' ):
4448return operator ,d_q_value
4549