SDK for PHP Search with Append Throws Error

kmattern · ‎06-23-2014

I'm playing with the Splunk SDK for PHP and am enjoying it but whenever I use an append function in a search it throws the following error

•[EXCEPTION] HTTP 200 OK

The PHP code for the search looks like this:

$search='search index=portal sourcetype="portal" earliest=-7d@d latest=-d /SAR/ARH/gen_info* WebPage!="index.htm*"
| stats count(WebPage) as "General Information"
| append [search index=portal sourcetype="portal" earliest=-7d@d latest=-d /SAR/faq* WebPage!="index.htm*"
| stats count(WebPage) as "Help Line"]
| append [search index=portal sourcetype="portal" earliest=-7d@d latest=-d /SAR/ARH/media* WebPage!="index.htm*"
| stats count(WebPage) as "Media"]';

If I just run the first search I get results. Do I have to do anything special with append? I use it a lot.

I get the same error if I call this as a saved search. Other saved searches work in the SDK but this one will not. It runs perfectly in it's dashboard or manually.

kmattern · ‎06-25-2014

Apparently there is a bug in the PHP SDK. If I get a resolution I'll post it here.

SDK for PHP Search with Append Throws Error

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Are you a member of the Splunk Community?

SDK for PHP Search with Append Throws Error

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...