Hi,
my events have a field with epochtime which I want to use in the very first pipe to filter the search
Of course I can do it like
sourcetype=foo field<=1461110400
Is it somehow possible to use this filter as a readable date in the first pipe? Like in earliest
earliest="04/20/2016:00:00:00"
Cheers
Heinz
↧
How can I use a unixtimestamp as a timerange filter like with earliest & latest in the first pipe?
↧