Hi this has worked correctly but now I need to do another thing. Suppose abc is a message string which contains certain numbers acc to the current time. For example:
Filename : (*****0000**)
|eval filter=case(
( (IST_time_hour=23 AND IST_time_min >= 00) OR (IST_time_hour=00 AND IST_time_min <30) ),0000
,( (IST_time_hour=00 AND IST_time_min >= 30) OR (IST_time_hour=01 AND IST_time_min <59) ),0130
,( (IST_time_hour=02 AND IST_time_min >= 00) OR (IST_time_hour=03 AND IST_time_min <30) ),0300
,( (IST_time_hour=03 AND IST_time_min >= 30) OR (IST_time_hour=04 AND IST_time_min <59) ),0430
,( (IST_time_hour=05 AND IST_time_min >= 00) OR (IST_time_hour=06 AND IST_time_min <30) ),0600
,( (IST_time_hour=06 AND IST_time_min >= 30) OR (IST_time_hour=07 AND IST_time_min <59) ),0730
,( (IST_time_hour=08 AND IST_time_min >= 00) OR (IST_time_hour=09 AND IST_time_min <30) ),0900
,( (IST_time_hour=09 AND IST_time_min >= 30) OR (IST_time_hour=10 AND IST_time_min <59) ),1030
,( (IST_time_hour=11 AND IST_time_min >= 00) OR (IST_time_hour=12 AND IST_time_min <30) ),1200
,( (IST_time_hour=12 AND IST_time_min >= 30) OR (IST_time_hour=13 AND IST_time_min <59) ),1330
,( (IST_time_hour=14 AND IST_time_min >= 00) OR (IST_time_hour=15 AND IST_time_min <30) ),1500
,( (IST_time_hour=15 AND IST_time_min >= 30) OR (IST_time_hour=16 AND IST_time_min <59) ),1630
,( (IST_time_hour=17 AND IST_time_min >= 00) OR (IST_time_hour=18 AND IST_time_min <30) ),1800
,( (IST_time_hour=18 AND IST_time_min >= 30) OR (IST_time_hour=19 AND IST_time_min <59) ),1930
,( (IST_time_hour=20 AND IST_time_min >= 00) OR (IST_time_hour=21 AND IST_time_min <30) ),2100
,( (IST_time_hour=21 AND IST_time_min >= 30) OR (IST_time_hour=22 AND IST_time_min <59) ),2230
)
|where LIKE('Filename','filter')
Now I need this where to search whether the filter value lies in the Filename. Again really thanks for your help!!!
What I have tried and it didnt work
|where LIKE('message.FileName','*filter')
|where LIKE('message.FileName','%filter%')
... View more