I have one field value as a datetime field and I want the data for only the latest time. How can I write the query? My current search is:

```
index="ad_dns_new" sourcetype="resolve_json"
| eval k=strptime(DateTime,"%Y-%m-%dT%H:%M:%S")
| eval New_Date=strftime(k,"%d-%m-%Y %H:%M:%S")
| table HealthCheck,Result,New_Date,Customer
| chart values(Result) as Result over HealthCheck by New_Date
```

I am attaching an image of my current output. From that I want the data of 11th Nov 15:36:57. How can I do it? I look forward to hearing from you.
![alt text][1]
[1]: /storage/temp/257604-example.png