Solved: Re: "Error in 'map' command: Unable to find saved ...

mcgi906 · ‎07-12-2016

Currently, I have a form with a search that populates a two column table, and am using one of the columns as a key to append a third. However, I keep on getting an error message that there's an error coming from the map command, and after looking at several examples, cannot figure out what's wrong with it.

map search= "search index=a STATUS=WAIT | eval REASON=split(REASON,"/") | eval filteredVal=mvfilter(match(REASON, $$SPLITid$$))" | table filteredVal

somesoni2 · ‎07-12-2016

There is an additional space after search=. remove it

...| map search="search index=a STATUS=WAIT | eval REASON=split(REASON,"/") | eval filteredVal=mvfilter(match(REASON, $$SPLITid$$))" | table filteredVal

View solution in original post

somesoni2 · ‎07-12-2016

There is an additional space after search=. remove it

...| map search="search index=a STATUS=WAIT | eval REASON=split(REASON,"/") | eval filteredVal=mvfilter(match(REASON, $$SPLITid$$))" | table filteredVal

"Error in 'map' command: Unable to find saved search 'search='"

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?

"Error in 'map' command: Unable to find saved search 'search='"

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...