Solved: Search Factory: Why am I getting unknown search co...

seva98 · ‎09-18-2019

My search starts with this:
tag=kpi earliest=1521504000 latest=1521849600 | table _time enterprise_id facility_id shop_id (there is more after)
If I run this search inside classic Search, I get results as excepted.

But if I run search with exactly the same query in javascript with
service.oneshotSearch(query, { "output_mode": "JSON" }, function(err, data) { ... }

I will receive following error message:
common.js:428 [SPLUNKD] Search Factory: Unknown search command 'tag'.

Are there some kind of limitation for oneshot search that doesn't allow using tags or do I need to pass any other config to oneshot search in order to make it work with tagin query?

kamlesh_vaghela · ‎09-18-2019

@seva98

You need to prepend search to your search.

eg.

search tag=kpi earliest=1521504000 latest=1521849600 | table _time enterprise_id facility_id shop_id

View solution in original post

kamlesh_vaghela · ‎09-18-2019

@seva98

You need to prepend search to your search.

eg.

search tag=kpi earliest=1521504000 latest=1521849600 | table _time enterprise_id facility_id shop_id

seva98 · ‎09-18-2019

Thanks! Just found out that like seconds ago by searching in another project. Search was really missing and now it works.

kamlesh_vaghela · ‎09-18-2019

Glad to help you @seva98 .
Can you please accept this answer to close this question?

Search Factory: Why am I getting unknown search command 'tag' only in Javascript while it works in classic Search?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!