index=abcd | stats count(eval(searchmatch(''https://drive.google.com/uc?export=download&id=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X'))) as ''https://drive.google.com/uc?export=download&id=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X' OR count(eval(searchmatch('value2'))) as 'value2'
I'm getting this error:
Your quotes before the http appear to be two SINGLE quotes rather than a double quote. Once you fix that you get a different error about dynamic fields and it looks like it doesn't like the $ sign in the searchmatch string.
what can be the solution here as I'm creating this query dynamically with format and giving as an input to base query.
how can i escape these special charachters
Please share your full search as the advice already given seems to fix the apparent errors in your example.
The string following "AS" should be a valid field name or a partial field name with a wildcard. You can rename the field to something more verbose later in the query using rename.
The equal sign might be causing issues, escape them with backward slash. Also, the OR keyword between two stats fields is invalid, remove it.
index=abcd | stats count(eval(searchmatch("https://drive.google.com/uc?export\=download&id\=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X"))) as "https://drive.google.com/uc?export=download&id=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X" count(eval(searchmatch("value2"))) as "value2"
@somesoni2 still the stats command is raising the error while escaping the with \
error: The argument ''The argument ''https://abc.......?export\=download&id\=1HGFF5ziAFGn8161CKQC$Xyuhni9PNK_X'' is invalid."is invalid.