Solved: Re: Search Factory: Why am I getting unknown searc...

seva98 · ‎09-18-2019

My search starts with this:
tag=kpi earliest=1521504000 latest=1521849600 | table _time enterprise_id facility_id shop_id (there is more after)
If I run this search inside classic Search, I get results as excepted.

But if I run search with exactly the same query in javascript with
service.oneshotSearch(query, { "output_mode": "JSON" }, function(err, data) { ... }

I will receive following error message:
common.js:428 [SPLUNKD] Search Factory: Unknown search command 'tag'.

Are there some kind of limitation for oneshot search that doesn't allow using tags or do I need to pass any other config to oneshot search in order to make it work with tagin query?

kamlesh_vaghela · ‎09-18-2019

@seva98

You need to prepend search to your search.

eg.

search tag=kpi earliest=1521504000 latest=1521849600 | table _time enterprise_id facility_id shop_id

View solution in original post

kamlesh_vaghela · ‎09-18-2019

@seva98

You need to prepend search to your search.

eg.

search tag=kpi earliest=1521504000 latest=1521849600 | table _time enterprise_id facility_id shop_id

seva98 · ‎09-18-2019

Thanks! Just found out that like seconds ago by searching in another project. Search was really missing and now it works.

kamlesh_vaghela · ‎09-18-2019

Glad to help you @seva98 .
Can you please accept this answer to close this question?

Search Factory: Why am I getting unknown search command 'tag' only in Javascript while it works in classic Search?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases