Hello All,
I've been trying to create a basesearch for my dashboard. I have included all the fields that both queries have in common, labeled the first basesearch as id and the second as a base. I keep getting a "Error in 'eval' command: Failed to parse the provided arguments. Usage: eval dest_key=expression". I also have a question on the tokens are they only supposed to be on the first query under id basesearch? What is wrong here with my basesearches here? thanks in advance.
<form>
<label>Cloned Dashboard </label>
<search id="basesearch"> <----(This is the start of my base search)
<query>
(index=dmx_rapper.xmn $tok_eco_alias$ (team=dev staging="Test" ) OR ( team=Pro ))
| eval HRofstage=case(stage="SentStatus", HRStamp),
| eval ProPriority=case(team="Pro", lookupService),
sentToProHR=case(Type="sentToPro", HRLogged)
| stats earliest(sentToProHR) as sentToProHR latest(HRofstage) as HRofstage values(Duration) as Duration values(lookupService) as lookupService dc(Identifier) as TotalDocs values(Total) as Total values(ProPriority) as Pro_Priority by Identifier
| where Pro_Priority="$tok_rate$"
| eval startTime = strptime(sentToProHR,"%Y-%m-%d %H:%M:%S.%q"), endTime=strptime(HRofstage,"%Y-%m-%d %H:%M:%S.%6N")
| where isNotNull(sentToProHR) AND isNotNull(HRofstage)
| eval Duration = ((endTime-startTime)/60)
| eval ServiceValue=case(lookupService="Low", 3600, lookupService="Medium", 2880, lookupService="High", 1440)
</query>
<earliest>$time_range.earliest$</earliest>
<latest>$time_range.latest$</latest>
<title>Service Value Success Count and Percentage </title>
<search base="basesearch"> <----(2nd query for baseserach)
<query> search | eval ServiceValue=if(Duration<=ServiceValue, "Success", "Failure")
| eval Total=case(ServiceValue="Success", Identifier)
| stats dc(Total) as ServiceValue dc(Identifier) as Totals_Received
| eval Percentage=round((ServiceValue/Total_Received)*100)
| eval ServiceValue=tostring(ServiceValue,"commas") . " (" .Percentage."%" . ")"
| table ServiceValue
</query>
</search>
