Hi,
I have two event fields with the same name "timestamp". I just want to display (in stats) the "timestamp" field from the "ResponseReceive" logEventType. Not the one from logType "SystemLog". Currently is displays both. Is there a way to do this? Any assistance is appreciated. Thank you!!
...
| fields timestamp, apiName, apiVersion, ceoCompanyId, entityId, sessionId, transactionDetailsResponse.transactionDetailsList.totalCount, transactionDetailsResponse.transactionDetailsList.transactionDetails{}.acctNumber, transactionDetailsResponse.transactionDetailsList.transactionDetails{}.Amount, transactionDetailsResponse.transactionDetailsList.transactionDetails{}.tranDateTime, transactionDetailsResponse.transactionDetailsList.transactionDetails{}.totalTranCount
| rename transactionDetailsResponse.transactionDetailsList.totalCount AS "TransactionCount", transactionDetailsResponse.transactionDetailsList.transactionDetails{}.acctNumber AS "AcctNum", transactionDetailsResponse.transactionDetailsList.transactionDetails{}.Amount AS "Amount", transactionDetailsResponse.transactionDetailsList.transactionDetails{}.tranDateTime AS "TranDateTime", transactionDetailsResponse.transactionDetailsList.transactionDetails{}.totalTranCount AS "TotalTranCount"
| stats
values(timestamp) AS timestamp,
values(TranDateTime) AS TranDateTime,
values(apiName) AS apiName,
values(apiVersion) AS apiVersion,
values(ceoCompanyId) AS ceoCompanyId,
values(entityId) AS entityId,
values(TotalTranCount) AS TotalTranCount,
values(AcctNum) AS AcctNum,
by sessionId,
1 Solution
