Hi,
Can anyone explain why the following dosent work?
....
| eval suppress=if((hour >=10 AND hour <=12, "yes","no") AND (dest="x.x.x.x"))
| where suppress="no"
...
the idea being not to produce results if the hour is between 10 - 12 AND the server equals x.x.x.x
I still want to see results produced between 10 - 12 for devices other than that server.
Thanks in advance.
↧