Hi all.
I have a field called `src` with values like:
348
55666
77666
95670
23456
I want to create a new field that only shows the values that are greater than 1000, my search string looks like:
... | where src > 1000
I tried directly with ` ... | eval field= where src > 1000` and doesn't work. Also, tested with `eval field=command(search subsearch)` and also doesn't work.
Suggestions?
↧