Is there a way to do a real time search with a static start time? For example...
Select start time of March 19 @ 9:00 am and expand the latest time every 5 seconds? Instead of a sliding window of 5 minutes or 5 hours, it is more of an expanding window. I'm hoping this is relatively simple. I know earliest_time can set a static start time. Maybe this is the direction I want to go.
Thanks
I don't think you can mix and match real-time with non-real-time time specifiers.
What you can try instead is to run the search for a static time from March 19th till now and refresh the search panel every 5 sec.
<search>
<query><Your Base Search with filters> earliest="03/19/2017:09:00:00" latest="now"
| <Your Remaining search></query>
...
...
<refresh>5s</refresh>
<refreshType>delay</refreshType>
</search>
Niketnilay,
I think this will work nicely. Thanks!
@jcspigler2010 glad it worked!