Hello,
How do I do something like this in splunk?
eval base_starttime = [search index="app_event"| eval starttime = strftime(sometime, someformat) | return starttime] | (then use base_startime ....)
Basically I want to get hold of an eval in subsearch to use in my base search.
Thanks.
