When I try to create a report it says “”Invalid number of fields used in process command, expected 7 field(s) but found 8” Why?
Userlevel 4
+7
Difficult to say without the queries, but I assume one or more queries in the report are invalid, for example because the search before the pipe symbol doesn’t actually search for all the fields that the field command after the pipe symbol is trying to list.
It looks like this
| process eval("Funktionskode=if(SI_KEY_VALUE_01=='BASIS/FUNKTIONSKODE') {return SI_STRING4}")
| process eval("CPR=if(SI_KEY_VALUE_01=='OP/CPR_NUMMER') {return SI_STRING4}")
| process eval("Skaermtittel=if(SI_KEY_VALUE_01=='BASIS/SKAERMTITTEL') {return SI_STRING4}")
| process eval("Transaktionskode=if(SI_KEY_VALUE_01=='BASIS/TRANSAKTIONSKODE') {return SI_STRING4}")
| rename SI_USER as Bruger, "SI_STRING6" as "ID"
| process eval("Tidspunkt=strftime(log_ts, 'yyyy-MM-dd HH:mm:ss', 'GMT+2:00')")
| chart distinct_list(log_ts) as Nummer, distinct_list(Tidspunkt) as Tidspunkt, distinct_list(Bruger) as Bruger, distinct_list(CPR) as CPR, distinct_list(Funktionskode) as Funktionskode, distinct_list(Skaermtittel) as Skaermtittel, distinct_list(Transaktionskode) as Transaktionskode by ID
| chart count() by Nummer, Bruger, Tidspunkt, CPR, Funktionskode, Skaermtittel, Transaktionskode, ID
| search CPR!="[]"
| chart count() by Nummer, Bruger, Tidspunkt, CPR, Funktionskode, Skaermtittel, Transaktionskode, ID
| process toTable (KK, Nummer, Tidspunkt, Bruger, CPR, Funktionskode, Skaermtittel, Transaktionskode, ID)
If a remove ex. “| process eval("Transaktionskode=if(SI_KEY_VALUE_01=='BASIS/TRANSAKTIONSKODE') {return SI_STRING4}")” or other like this it works
Userlevel 4
+7
Is that all one query?!
Would some of this not be better serviced through enrichment?
I am new to this. So I am leaning:-) But why does it says that there is to many fields?
Userlevel 4
+7
To be honest, if this is all one query it is probably the most complicated one I have seen in a long time :) but I’m still not sure whether this is multiple lines/queries in a report or just one. If it’s multiple, does each of them work individually when just run as a search, and you can then narrow down which one breaks things?
This one for example looks weird - are you really trying to populate a table from within a report, and after a chart count?
| chart count() by Nummer, Bruger, Tidspunkt, CPR, Funktionskode, Skaermtittel, Transaktionskode, ID
| process toTable (KK, Nummer, Tidspunkt, Bruger, CPR, Funktionskode, Skaermtittel, Transaktionskode, ID)
Its that dumb?
Userlevel 4
+7
Well, in some cases it can be very clever, because it is one of two ways (the other being alert rules) to populate a table on a schedule - but only really if that’s what you want to do, and if you want to use that table for something else. But normally you’d at least do it before the aggregation (the “chart count” bit).
So Process toTable before Chart count?
Userlevel 4
+7
Yes - but what are you doing with that table? I at least see nowhere else in that report that it is used, so you must be planning to use it outside of that report somehow?
Yes. i have to create a search template
Userlevel 4
+7
Okay? Where does the table come into play with that?
Ok when I removed Table it worked. Do you know why?
Userlevel 4
+7
Well, for starters it wouldn’t have worked after the aggregation - chart count etc. always have to come last. Secondly, the table needs to exist, i.e. needs to be manually created in “lists and tables” as dynamic table first. It probably was one of those two things, and apologies if the error message was a bit wonky, it probably was confused by some of the nesting.
Thank you very much for your help :-)
Userlevel 4
+7
Hope it helped and good luck!
Reply
Sign up
Already have an account? Login
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInLogin to the community
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInEnter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.