Thanks Matthias
I get an error when doing this. Here are details from the error log:
Execution costs
Duration (seconds)
Component
Invocations
Input count
Output count
0.00 dispatch.evaluate.head 1 - -
0.39 dispatch.evaluate.search 1 - -
0.00 dispatch.writeStatus 2 - -
0.42 startup.configuration 1 - -
1.05 startup.handoff 1 - -
Search job properties
bundleVersion 18246669895473244130
canSummarize 0
createTime 2015-12-07T16:03:23.000+00:00
cursorTime 2038-01-19T03:14:07.000+00:00
custom {
"dispatch.earliest_time": null,
"dispatch.latest_time": null,
"display.page.search.mode": "verbose",
"search": "* | head 1 | eval clientip = 89.234.157.254 | lookup threatscore clientip | table clientip, threatscore"
}
defaultSaveTTL 604800
defaultTTL 600
delegate None
diskUsage 110592
dispatchState FAILED
doneProgress 1.0
dropCount 0
eai:acl {
"app": "search",
"can_write": "1",
"modifiable": "1",
"owner": "xxxxxxxxxxx",
"perms": {
"read": [
"xxxxxxxxx"
],
"write": [
"xxxxxxx"
]
},
"sharing": "global",
"ttl": "600"
}
earliestTime 1970-01-01T00:00:00.000+00:00
eventAvailableCount 0
eventCount 0
eventFieldCount 0
eventIsStreaming True
eventIsTruncated True
eventSearch search * | head 1
eventSorting desc
isBatchModeSearch False
isDone True
isFailed True
isFinalized False
isPaused False
isPreviewEnabled True
isRealTimeSearch False
isRemoteTimeline False
isSaved False
isSavedSearch False
isTimeCursored 1
isZombie False
keywords None
label None
modifiedTime 2015-12-07T16:03:52.029+00:00
numPreviews 0
pid 7684
priority 5
remoteSearch None
reportSearch None
request {
"adhoc_search_level": "verbose",
"auto_cancel": "30",
"custom.dispatch.earliest_time": null,
"custom.dispatch.latest_time": null,
"custom.display.page.search.mode": "verbose",
"custom.search": "* | head 1 | eval clientip = 89.234.157.254 | lookup threatscore clientip | table clientip, threatscore",
"earliest_time": null,
"indexedRealtime": null,
"latest_time": null,
"preview": "1",
"rf": "*",
"search": "search * | head 1 | eval clientip = 89.234.157.254 | lookup threatscore clientip | table clientip, threatscore",
"status_buckets": "300",
"ui_dispatch_app": "search"
}
resultCount 0
resultIsStreaming True
resultPreviewCount 0
runDuration 0.39
runtime {
"auto_cancel": "30",
"auto_pause": "0"
}
sampleRatio 1
sampleSeed 0
scanCount 0
search search * | head 1 | eval clientip = 89.234.157.254 | lookup threatscore clientip | table clientip, threatscore
searchCanBeEventType 0
searchProviders []
searchTotalBucketsCount 0
searchTotalEliminatedBucketsCount 0
sid 1449504202.98629
statusBuckets 300
ttl 599
... View more