We have an existing Drill down that currently works. We are adding 2 new lines to the drilldown that filter out computers that have not logged into AD in the last 30 days. Once the 2 new lines are added the drill down starts returning blank pages, a search page with nothing in the search field and not data or just a generic error.
These are the two new lines, the error must be here:
| eval ad_logon1=strptime(ad_lastLogon,"%Y-%m-%d")
| where ad_logon1 > relative_time(now(),"-30d@d") OR isnull(ad_lastLogon)
Here is my current drill down, I have tried different codes for @ , % " > < but none of them seem to work:
Tried copying your search to drilldown and it works. Easiest way is to edit drilldown from the panel , select "Link to search " , select custom and add your search there. In this way , you dont need to worry about XML escaping.
or try changing the where clause to
|where ad_logon1 > relative_time(now(),"-30d@d") OR isnull(ad_lastLogon)| table hostname