Hi All,
When I am running a search which fetches
([|`last_np_global_source("*companies*")`] AND [| inputlookup customer.csv | search customerName="cox" | fields cpyKey cpyName])
where "last_np_global_source" is a macro which expands to :
tstats max(_time) as maxTime WHERE index="global-np" source="$src$" earliest="-7d" by source | rex field=source "/(?\w+\/\w+)\.\d+" | sort - maxTime | stats first(source) as source by cpyKey_type| fields source
--- when I run this search, it is not showing any results if logged in as admin role , but shows results for non-admin roles.
when I look into search.log , I saw the params. What are these parameters.. how are they set? or unset?
Arguments are: "search" "--id=1474392920.31235" "--maxbuckets=300" "--ttl=600" "--maxout=500000" "--maxtime=8640000" "--lookups=1" "--reduce_freq=10" "--user=prhm" "--pro" "--roles=admin:power:user"
Thanks in advance
↧