I am trying to accomplish a simple "IN" command in Splunk, basically by filtering the result to show only those entries which have an entry for their "product_id" number in another table's "product_number" attribute.
But Splunk throws an error saying: "Error in 'search' command: Unable to parse the search: Comparator 'IN' has an invalid term on the right hand side: NOT"
sourcetype= Order product_id IN [ search host=product | table product_number] | stats count by order_id
Any help in understanding what I am doing wrong would be great.