I have dataset which have field INSERT_DATE now i want to perform search based the date which is match with Global Time Picker
Search what i want to is
index = ******* host=transaction source=prd | spath
| mvexpand message
| rename message as _raw
| fields - {}.* ``` optional ```
| spath path={}
| mvexpand {}
| fields - _* ``` optional ```
| spath input={}
| search TARGET_SYSTEM="EAS"
| eval _time=strptime(INSERT_DATE, "%m/%d/%Y")
| chart sum(TRANSACTION_COUNT) as TRANSACTION_COUNT by INSERT_DATE
| where INSERT_DATE =strftime($global_time.latest$, "%m/%d/%Y")
i modified my search but not getting any result
index = ****** host=transaction source=prd | spath
| mvexpand message
| rename message as _raw
| fields - {}.* ``` optional ```
| spath path={}
| mvexpand {}
| fields - _* ``` optional ```
| spath input={}
| search TARGET_SYSTEM="EAS"
| chart sum(TRANSACTION_COUNT) as TRANSACTION_COUNT by INSERT_DATE
| addinfo
| eval _time =info_min_time
| where INSERT_DATE=_time
My ROW Data:
[{"ID":"115918","TARGET_SYSTEM":"EAS","REVIEW":"CPW_00011H","TOTAL_INVENTORY":0,"TOTAL_HITS":0,"TRANSACTION_TYPE":"MQ","TRANSACTION_NAME":"HO620I","TRANSACTION_COUNT":4,"PROCESS_DATE":"11/26/2024","INSERT_DATE":"11/27/2024"}
,{"ID":"115919","TARGET_SYSTEM":"EAS","REVIEW":"CPW_00011H","TOTAL_INVENTORY":0,"TOTAL_HITS":0,"TRANSACTION_TYPE":"MQ","TRANSACTION_NAME":"HO626I","TRANSACTION_COUNT":39,"PROCESS_DATE":"11/26/2024","INSERT_DATE":"11/27/2024"}]
When i am not using where condition its giving me data.
index = **** host=transaction source=prd | spath
| mvexpand message
| rename message as _raw
| fields - {}.* ``` optional ```
| spath path={}
| mvexpand {}
| fields - _* ``` optional ```
| spath input={}
| search TARGET_SYSTEM="EAS"
| chart sum(TRANSACTION_COUNT) as TRANSACTION_COUNT by INSERT_DATE
| addinfo
| eval _time =info_min_time
