I have a search as follows
earliest="08/01/2016:00:00:01" latest="08/01/2016:23:59:59" getABCsWin("XYZ","abc12345678")
Now how can I add the time format string as mentioned below for all the searches contains unique search string "getABCsWin"
What condition and search string etc should I have to use for creating a macro?
when any splunk search runs with the word "getABCsWin"(in any dashboard or alert etc etc). I want the string timeformat="%d/%m/%Y:%H:%M:%S” to be added to that search. So that i can get the output as i needed i.e; in the DD/MM/YYYY format.