https://community.splunk.com/t5/Splunk-Dev/How-to-search-custom-fields-from-Splunk-SDK/m-p/337678#M5131 <P>@micahkemp that actually did help but not for the reason you would think...turns out it was a dumb mistake on my part, I had two variables declared named search and searchStr and i mixed the two up and was passing in the wrong one without the 'search' part at the beginning. Stupid mistake but thanks for the tip</P> Tue, 12 Dec 2017 17:26:15 GMT scottmacdonald 2017-12-12T17:26:15Z https://community.splunk.com/t5/Splunk-Dev/How-to-search-custom-fields-from-Splunk-SDK/m-p/337675#M5128 <P>I can't find documentation anywhere on how to format search strings for the Splunk SDK. Every single example provided just uses:</P> <P><STRONG>search index=_internal | head 10</STRONG></P> <P>I'm just trying to search on a custom field I use in my application, so I thought this would work:</P> <P><STRONG>search index=myindex mycustomfield=xyz</STRONG></P> <P>but that just gives me an error: Bad Request: FATAL: Unknown search command mycustomfield</P> <P>How do I format this as I want? And perhaps more importantly where is this documented how the SDK expects requests to be formatted?</P> Tue, 12 Dec 2017 15:12:59 GMT https://community.splunk.com/t5/Splunk-Dev/How-to-search-custom-fields-from-Splunk-SDK/m-p/337675#M5128 scottmacdonald 2017-12-12T15:12:59Z https://community.splunk.com/t5/Splunk-Dev/How-to-search-custom-fields-from-Splunk-SDK/m-p/337676#M5129 <P>Hi scott, </P> <P>Can you provide us with a sample of the code you're using to get this error?</P> Tue, 12 Dec 2017 15:56:48 GMT https://community.splunk.com/t5/Splunk-Dev/How-to-search-custom-fields-from-Splunk-SDK/m-p/337676#M5129 damien_chillet 2017-12-12T15:56:48Z https://community.splunk.com/t5/Splunk-Dev/How-to-search-custom-fields-from-Splunk-SDK/m-p/337677#M5130 <P>See if this <A href="https://answers.splunk.com/answers/597555/error-search-factory-unknown-search-command-1.html#answer-597255">answer</A> from yesterday helps.</P> Tue, 12 Dec 2017 16:59:08 GMT https://community.splunk.com/t5/Splunk-Dev/How-to-search-custom-fields-from-Splunk-SDK/m-p/337677#M5130 micahkemp 2017-12-12T16:59:08Z https://community.splunk.com/t5/Splunk-Dev/How-to-search-custom-fields-from-Splunk-SDK/m-p/337678#M5131 <P>@micahkemp that actually did help but not for the reason you would think...turns out it was a dumb mistake on my part, I had two variables declared named search and searchStr and i mixed the two up and was passing in the wrong one without the 'search' part at the beginning. Stupid mistake but thanks for the tip</P> Tue, 12 Dec 2017 17:26:15 GMT https://community.splunk.com/t5/Splunk-Dev/How-to-search-custom-fields-from-Splunk-SDK/m-p/337678#M5131 scottmacdonald 2017-12-12T17:26:15Z