Hello,
i have only two values logout_time and online_time and i would like to get the login_time.
How could i subtract the online_time from the logout_time ?
search:
index="index_5" sourcetype="system:logins"
| table logout_time,online_time,login_time
![alt text][1]
[1]: /storage/temp/274769-suche-splunk-731-2019-09-20-11-21-30.png
↧