Hello all,
I am using the object SearchManager for the below query, however it is not returning anything. Executing the same query directly in SEARCH, we can find the results. Probably it is something related to the double quotes in the replacement command within the query:
var myquery= 'sourcetype=XXX | eval time_resumo=substr(time,6,2) | eval IP = replace(replace(IP, "\."," "),":"," ") |
lookup unidadedepara.csv IP OUTPUT PLANTA | timechart span=1h avg(time_resumo) by PLANTA'
Is there any special way to configure (store) the above query in variable via Javascript to be executed via SearchManager?
Thanks and regards,
Danillo Pavan
↧