i found for below query the search is happening based on default time field which is _time , so when ever i am choosing the date and time based on default time which is '5/26/22 7:40:00.000 AM' then the events are populating but if i am selecting any date and time which is align with my custom time field which is 'originaltime' then i am not getting any event , am i doing any thing wrong here
index="summary_carrier_service" originalsource="*gps-request-processor-dev*" originalsourcetype= "*eu-central-1*" event="*Request"
| fields event category labelType documentType regenerate businessKey businessValue sourceNodeType sourceNodeCode geoCode jobId status sourcetype source originaltime
| addinfo
| eval ts=strptime(originaltime,"%Y-%m-%d %H:%M:%S")
| where (ts>info_min_time and ts<=info_max_time)
The AND operator in the where command must be in upper case.
If you still don't get results, use the table command to examine the ts, info_min_time, and info_max_time fields.