Hi all,
I am trying to run a map command that will run searches from a lookup one by one as follows :
| inputlookup "Correlation_searches.csv"
| head 1
| map search="$check_search$"
The head 1 is just for debug purpose. The value of $check_search$ is the search.
For some reason i get the next error :
Unable to run query '"| tstats `summariesonly` count from
datamodel=\"Change_Analysis.All_Changes\" where earliest=-7d@h latest=now
nodename=\"All_Changes.Account_Management\" \"All_Changes.tag\"=\"delete\""'.
But i ran this search and it worked just fine:
| makeresults 1
| map search="| tstats `summariesonly` count from datamodel=\"Change_Analysis.All_Changes\"
where earliest=-7d@h latest=now nodename=\"All_Changes.Account_Management\"
\"All_Changes.tag\"=\"delete\""
Thanks !
↧