when running index="index1" | search "slot" its giving below events. which has time, hostname as well. events: {"priority":6,"sequence":4704,"sec":695048,"usec":639227,"msg":"hv_netvsc 54243fd...
See more...
when running index="index1" | search "slot" its giving below events. which has time, hostname as well. events: {"priority":6,"sequence":4704,"sec":695048,"usec":639227,"msg":"hv_netvsc 54243fd-13dc-6043-bddd-13dc6045bddd eth0: VF slot 1 added\n SUBSYSTEM=vmbus\n DEVICE=+vmbus:54243fd-13dc-6045-bddd-13dc6045bdda"} {"priority":6,"sequence":4698,"sec":695037,"usec":497286,"msg":"hv_netvsc 54243fd-13dc-6043-bddd-13dc6045bddd eth0: VF slot 1 removed\n SUBSYSTEM=vmbus\n DEVICE=+vmbus:54243fd-13dc-6045-bddd-13dc6045bdda"} my requirement is I need a difference of time between message removed and added for the particular day. i.e It should not add previous events.