Hi, I want to run a search for a selected time range, and also want to do a sub search for the same duration in the previous interval. For example if user selects the last 60 mins as time range, then i want to do a sub search for the previous hour. Please help me how we can achieve this. Thanks.
..my search | eval range=info_max_time - info_min_time | [search earliest=earliest from time range - range latest=latest from time range - range]
↧