Hi, For a testing purposes, can i have few long running search SPL queries please.
Using the search tutorials sample data would be of great help.
I assume subsearches, join would be good fit for long running searches. Can you pls write some simple/basic long running SPL queries. Thx
Hi inventsekar,
use transaction and join: you'll surely have long running searches!
If you aren't still satisfied, extend the time period.
e.g.:
index=wineventlog
| transaction ID_accesso
| join host [ search index=_internal ]
(sorry for the fieldname in italian, I have only this one!)
Bye.
Giuseppe