I am attempting to return a field from a subsearch into an eval statement. No errors are thrown, but when the table populates, the "79 events" that are returned are blank. I know there are a lot of issues with formatting, especially since the field I am returning is made up of strings. Any ideas or workarounds?
eval f=[search indexa | fields REASON | eval query=REASON | eval query=tostring(query) | return $query] | table f
Earlier, I was getting the error that there was an error in the eval function, that an operator was invalid. I used the `tostring()` function and that cancelled the error, but like I said, all the rows of returned data are blank.
↧