When I run the below command, it returns some of the grouped events, but not all of them. It will not return the most recent events.
If I change to `earliest=-1d`, it returns events (more recent) than that of `earliest=-2d`. I thought all events up to the current time should be returned with `-2d` or `-1d`. In other words, `-2d` should return 2 days worth, `-1d` should return 1 day worth, but all events returned from `-1d` should be returned with `-2d`, right?
index="personalizedoffer" earliest=-2d (XML_INPUT_LOGGER AND offerInquiryRequest) OR "EnVisionResponse version" | xmlkv | fields _time clientId | transaction clientId
↧