cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
smitharani
New Member
Member since: ‎03-20-2022
‎03-21-2022
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-20-2022
Topics I've Started
No posts to display.
View All

Error in 'search' command: Unable to parse the sea...

by in Splunk Search
‎03-20-2022 09:54 PM
‎03-20-2022 09:54 PM
@niketnilay  Hi, I am doing a Splunk Query and came across a similar issue and hence posting here. Hope you can help!  My main search has 2 subsearches. Inner most subsearch returns all the orderIds for an email address. Each orderid is passed to the next subsearch which gives a refundid for this orderid. Note that not all orderid has a refundid. The main search takes the refundid and returns the other details such as refundreason, resultcode, resultmessage. Can you please help with this query? Goal is to use  this in a dashboard. User enters email as an inputfield. The refund details will be displayed in a table for all orderids associated to this email. Individual subsearches are working. But when put together, I get an error. index=*prod* source="http:smartrefund_prod" data.RefundId= [search index=*prod* source="http:smartrefund_prod" data.OrderGUID= [search index=*prod* sourcetype=ordersv2  CustomerEmail="tester@testy.com" |table OrderId] | data.SmartRefundRecord.id != null|table data.SmartRefundRecord.id] | table data.RefundId data.RefundReasons{} data.ResultCode data.ResultMessage     ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-21-2022 04:14 AM