My actual search
sourcetype="xyz" Operation=q | eval msg=if(Status == "fail",[search sourcetype="xyz" Operation="p" Status="Fail" |rename message as errorMessage| eval errorMessage=replace(errorMessage,":","")|return $errorMessage ],"successful")|table Status,platform,msg
does not gives values and when ran [search sourcetype="xyz" Operation="p" Status="Fail" |rename message as errorMessage| eval errorMessage=replace(errorMessage,":","")|return $errorMessage ] separately works fine.
I am not sure what is missing.
