Splunk Search

Use of multireport crashed after Update to 8.2.2

haph
Path Finder

Hello guys!

I use some reports with the | multireport command like this:


...search...
| multireport
    [
    | table _time L5PS1GutStk
    | sort + _time
    | where L5PS1GutStk!=""
    | autoregress L5PS1GutStk
    | reverse
    | fillnull
    | stats count(eval(L5PS1GutStk!=L5PS1GutStk_p1 AND L5PS1GutStk!=0)) as passes1
    ]
    [
    | table _time L5PS2GutStk
    | sort + _time
    | where L5PS2GutStk!=""
    | autoregress L5PS2GutStk
    | reverse
    | fillnull
    | stats count(eval(L5PS2GutStk!=L5PS2GutStk_p1 AND L5PS2GutStk!=0)) as passes2
    ]
...rest of the search...

This worked until yesterday, when Splunk was updated from 7.3.3 to 8.2.2.

Then this error occurred:

[screenshots of the error message: 2021-09-22 17_49_45-Start.png, 2021-09-22 17_50_06-Start.png]

It had to be fixed very fast, so we created a simpler but more wrong search.

Today I was further investigating what went wrong and what causes this issue.

I first thought of the undocumented multireport command and that this command was removed or something in the new version. But my colleague had a similar search with multireport and it still worked. I removed the whole multireport and it worked again, so something with the multireport was wrong. Then I removed line after line on its own in the subsearches to figure out the source of the problem.

Finally, after removing the |table command in the first line of each subsearch, the whole search was working again!! I found the source. I replaced table with the fields command and everything works well again, crisis averted. I then tested another thing: just replacing |table with |fields in only 1 subsearch. --> It worked again, no error.

 

So my question to you guys is: Does anybody know what went wrong here and what are the differences in the Splunk versions to produce this error?

Thanks!!

 

PS to the Splunk Team: Please never delete the multireport and make it official, it is a very useful command!

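As an added example (not the poster's search and not an official Splunk answer), here is an equivalent way to count the same "passes" per station using only documented streaming commands, so the search does not depend on the undocumented multireport command at all. The base search index=plc sourcetype=plc:stack is an assumed placeholder for the elided "...search..."; the field names are the ones from the post. The idea is the same as the original subsearches: order by time, look at the previous non-empty value of each field, and count the events where the value changed and is not 0. streamstats with current=f and last() gives the previous non-null value, which replaces the where / autoregress / fillnull chain, and because it is a single pass both fields are handled in one pipeline.

```spl
index=plc sourcetype=plc:stack
| fields _time L5PS1GutStk L5PS2GutStk
| sort 0 + _time
| streamstats current=f last(L5PS1GutStk) as L5PS1GutStk_p1 last(L5PS2GutStk) as L5PS2GutStk_p1
| fillnull value=0 L5PS1GutStk_p1 L5PS2GutStk_p1
| stats count(eval(L5PS1GutStk!="" AND L5PS1GutStk!=L5PS1GutStk_p1 AND L5PS1GutStk!=0)) as passes1
        count(eval(L5PS2GutStk!="" AND L5PS2GutStk!=L5PS2GutStk_p1 AND L5PS2GutStk!=0)) as passes2
```

Two notes on this rewrite. First, it uses sort 0 rather than the plain sort + _time from the post: without the 0, sort keeps only the first 10000 results by default, so a long time range would silently undercount passes in both the original and this version. Second, fields (a streaming command that only trims the field list) is a safer choice than table inside any subsearch, since table is a non-streaming transforming command that rebuilds the result set; that difference is the likeliest reason the post's table-based subsearches started failing after the upgrade, but the page itself does not confirm the root cause.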