Hello everyone,
i have this search that uses time range picker and my specific time range is 01/07/2018 to 01/13/2018, and i have a subsearch that time range should be equivalent to the past 4 weeks in my first search query which should be 12/10/2017 to 01/06/2018 .
my problem is i don't know how to get those values and use it in my subsearch's time range (earlist and latest) .
this is PART of my query, please provide me some example on how to solve this problem.
index="lrt_raw" DEVICE_ID=T*
|dedup _raw
|stats sum(TXN_AMT) as "SJT" by date_wday
|join type=inner date_wday [search index=rms report_id=0153A earliest=-28d@d latest=-8d@m
... View more