Hi
I have the following search, and sometimes it doesent get any result.
When there are no values to return, I want to return a table with the fields: _time | sloc_type | upload_id
to show the user that there are no results.
My search:
index=testeda_p groupID=sloc_data
| search project=Periph core=pcie core_ver=1.4 sloc_type="verif"
| dedup _time
| sort -_time
| head 1
| table _time sloc_type upload_id
Thanks
↧