Hello,
I would like create a search based on variables.
My current search:
| stats count
| eval search="index=customer_details sourcetype="..."
| eval search_id=if("$id_customer$"="*"," "," (id_customer=$id_customer$ OR operational_customer_number=$id_customer$) ")
| eval search_name=if("$name$"="*"," ","name=$name$")
| eval search_first_name=if("$first_name$"="*"," "," first_name=$first_name$ ")
| eval search_email=if("$email$"="*"," "," email_account=$email$ ")
| eval search_phone=if("$tel_no$"="*"," "," ( land_phone=$tel_no$ OR mobile_phone=$tel_no$)")
| eval search_order=if("$id_order$"="*"," "," [search (index=order (id_order=$id_order$) | head 1 | fields id_customer | appendpipe [ .... ] | fields id_customer
] ")
| eval search_request=if("$requestid$"="*"," ","[search index=request requestid=$requestid$ | head 1 | rename idclient as id_customer | fields id_customer | appendpipe [ ....... ] | fields id_customer ]")
| eval search= search+search_id+search_first_name + search_name + search_phone + search_order + search_request
| fields search
If i execute this search with parameters, Splunk returns a field : search named "search_return"
If i execute "search_return" manually, it runs ok, but i want to execute this search directly.
Have you an idea ?
Thanks you
