×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
rebeccaweaver
New Member
Member since: ‎01-29-2018
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎01-29-2018
View All

Re: How to keep the original start time, but conti...

by in Splunk Search
‎01-29-2018 09:09 AM
‎01-29-2018 09:09 AM
That did not work, all it did was change the names of the columns, and move the start and end to the far right, rather than the left. It still had the incorrect values. ... View more

How to keep the original start time, but continuou...

by in Splunk Search
‎01-29-2018 05:27 AM
‎01-29-2018 05:27 AM
So the query that is currently in use is: index=name source=source_name | fields start_time end_time src subject category id body| dedup id | table start_time end_time src subject category id body Where the table shows all events correlated with the same id, however, it keeps the original start_time and end_time of the first event with that id. I want to keep the original start time, but continuously update the end time. On a side note, when enabling drill down per cell is there a way to have the drill down to the search field only search on the index/source/field selected ? Currently, when clicking on a random field it searches on the index/source/start_time/selected field . ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM