Hi MSaraswat,
try something like this:
index=my_index1 sourcetype=my_sourcetype1 [ search index=my_index2 sourcetype=my_sourcetype2 | rename Timestamp AS latest | eval earliest=strptime(latest,"time_format")-duration | fields earliest latest ]
| ...
(I don't know the Timestamp field format so you have to customize it).
Bye.
Giuseppe
I'm looking to collect logs from HP Performance Center as well... According to our HP Performance Center analysts, it appears the analysis summaries are posted to HTML pages. Is REST the best option?