Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Form error when referencing a token in the search

cbbrown
New Member
‎05-16-2019 07:09 AM

I have three multi-selection options for my form. All three default to *, but the main panel of the form throws an error when I reference one or all of the token values to filter the search down. I get the following error: Error in 'search' command unable to parse the search: Comparator '=' has an invalid term on the right hand side.

The search string for the panel calling the token is as follows:

| dbxquery output='csv' connection="blah" query="SELECT * FROM "blah_data"
| search filtering_field=$filter_tok$
| table field1 field2 field3

The Multi-selection input is defined as follows:

Label: Filtering Field
Token Options
Token: filter_tok
Default: All
Token Prefix: (
Token Suffix: )
Token Value Prefix: Filtering_Field="
Token Value Suffix= "
Delimiter: OR (spaces before and after OR)
Static Options
Name: All
Value: *

Dynamic Options
Search String:
| dbxquery output='csv' connection="blah" query="SELECT * FROM "blah_data"
| dedup filtering_field
| table filtering_field

Time Input: Last 24 Hours
Field For Label: Filtering_Field
Field of Value: Filtering_Field

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...