Solved: Error when trying to use a subsearch (Unable to pa...

cyp112 · ‎05-06-2021

Hello,

I am trying to use a subsearch on another search but not sure how to format it properly

Subsearch:

The syntax shown from the format command is:

( src_bunit="A,B,C,D,E,F" ) )

On the main search I get this error:

Error in 'search' command: Unable to parse the search: Right hand side of IN must be a collection of literals.

The main search

eventtype=dsp_inventory device_control_tags="IMPORTANT*" code IN([subsearch)

My question is how can a format the subsearch in a way that on the main search it will show results like?:

A,B,C,D,E,F instead of src_bunit="A,B,C,D,E,F"

Any ideas? Thank you!

bowesmana · ‎05-06-2021

Replace the 'format' command with

return $src_bunit

that will return A,B,C,D,E,F

bowesmana · ‎05-06-2021

Replace the 'format' command with

return $src_bunit

that will return A,B,C,D,E,F

cyp112 · ‎05-06-2021

That did it. Thanks a lot. You sir are a God!

Error when trying to use a subsearch (Unable to parse the search: Right hand side of IN must be a collection of literals