hello
I use the seatrch below
index="*" sourcetype="*"
| eval Boot_Duration=coalesce('Durée du démarrage ','Boot Duration ','Startdauer ','Duración del arranque ')
| dedup host
| stats count by host
Boot_Duration is a number value
I want to chech only the number values >100000
So I do
| where Boot_Duration>100000
But it doesnt works
Could you help me please??
↧