How can I do a comparison with values from the same field at different times? The logs belong to the same index/sourcetype. There's a field called **lagtime** which basically denotes how long it took to complete a process/action. The goal is to compare the lagtime at the current time with the lagtime in the past 12 hours and display the results only if there is no match.