Do "map" command has any limitation? my search query has multiple tables joined having sub-searches under it. Its giving me below error:

Can you paste the SPL here? Will be easier to pinpoint the issue

As requested, please find below SPL:

Your error is here, towards the bottom:

| table _time Episode Prediction
AirId=$ID$

I think you should change it to:

| table _time Episode Prediction AirId

No luck.... it didn't work. Here is the error that I'm facing even after following the suggested one:

[subsearch]: command="predict", No data

This is the latest query which I'm using based on your suggestion:

| inputlookup AirId_List.csv append=f | table AirId | rename AirId as ID
| map
[ search `itsi_event_management_group_index`
| eval id=mvindex(split(itsi_group_title,"_"),1)
| eval AirId=if(id=="KPI",mvindex(split(itsi_group_title,"_"),2),id)
| rex field=itsi_group_title "_\d+_(?<KPI>.*)"
| search AirId="$ID$" KPI IN ("*Appdynamics CPU/Memory*")
| stats values(itsi_first_event_id) as itsi_first_event_id values(itsi_first_event_time) as itsi_first_event_time latest(event_id) as event_id earliest(itsi_group_severity) as Severity count by AirId itsi_group_id itsi_group_title KPI
| eval Severity=case(Severity=1,"Information",Severity=2,"Normal",Severity=3,"Low",Severity=4,"Medium",Severity=5,"High",Severity=6,"Critical")
| rename itsi_group_title AS title
| where isnum(AirId)
| join type=outer event_id
[ search index="itsi_tracked_alerts"
| table event_id search CIName HealthRuleName PublisherEventSubType]
| eval Event_Created_Time =strftime(itsi_first_event_time, "%Y-%m-%d %H:%M:%S")
| table Event_Created_Time title AirId KPI search CIName HealthRuleName PublisherEventSubType episode_severity Severity itsi_group_id
| eval _raw=replace(search,"CIName=\"","Details=\" ###CIName: ")
| eval _raw=replace(_raw,"\n","###")
| extract pairdelim="" kvdelim="="
| fields - PublisherEventSubType
| eval _raw=replace(Details,"=",":")
| extract pairdelim="###" kvdelim=":"
| fields - _raw,Details,Event_Details
| table Event_Created_Time title AirId KPI search CIName HealthRuleName PublisherEventSubType episode_severity Severity itsi_group_id
| rename itsi_group_id as event_id
| join type=outer
[ search index=itsi_notable_audit "*severity*" sourcetype=itsi_notable:audit
| eval episode_severity=mvindex(split(mvindex(split(activity," "),2),"="),1)
| stats latest(episode_severity) as episode_severity by event_id ]
| eval episode_severity = if(isnull(episode_severity),Severity,episode_severity )
| rename Severity as Initial_Severity , episode_severity as Latest_Severity
| table Event_Created_Time title AirId KPI Initial_Severity Latest_Severity
| eval eventdate_secs=strptime(Event_Created_Time,"%Y-%m-%d")
| eval eventdate=strftime(eventdate_secs,"%Y-%m-%d")
| stats count as Episode_Count by AirId KPI eventdate
| sort -Episode_Count
| eval _time=strptime(eventdate,"%Y-%m-%d")
| timechart span=1d count(Episode_Count) as Episode
| fillnull
| predict "Episode" as Prediction algorithm=LLP5 holdback=0 future_timespan=2 upper95=upper95 lower95=lower95
| `forecastviz(10, 0, "Episode", 99)`
| eval Prediction=if(Prediction<0,0.0,round(Prediction,1))
| table _time Episode Prediction AirId
| stats values(Prediction) as Outage by AirId] maxsearches=10000
| lookup AirId_List.csv AirId
| outputlookup AirId_List.csv append=f

Kindly help me with the solution.

Thank you!