Hello!
I have a search with timechart that I need to filter time AFTER the timechart based on the current time.
I've tried:
search blablabla
| timechart span=1m limit=0 eval(sum(SOM)/sum(VOL)) by VAR
| where earliest=-3m@m latest=@m
But got the error: Error in 'where' command: The operator at 'm@m latest=@m' is invalid.
And:
search blablabla
| timechart span=1m limit=0 eval(sum(SOM)/sum(VOL)) by VAR
| search earliest=-3m@m latest=@m
But got no results.
Does anyone know how to to that?
Thank you!
