Hello guys,
could you let me know the difference in term of buckets between :
| dbinspect *search* and *search* | eval bkt=_bkt | table bkt ?
It looks like dbinspect returns more results and with wider span. My aim is to remove buckets according to a specific search and timeframe.
Thanks.
↧
