Hello all, I have a dashboard and I need the "|gentimes" command to generate dynamic values accordingly to the selected time picker. Picking up the earliest event from the search.
| gentimes start=$field1.earliest$ increment=3h
| convert timeformat="%Y/%m/%d - %H" ctime(starttime)
| rename starttime as date
| table date
I tried to search inside the start argument but It throws an error:
"[subsearch]: command="gentimes", generatetimestamps requires start=mm/dd/yyyy:hh:mm:ss and optional takes 'end' and 'increment' values
The full appended query:
base search
| append
[| gentimes start= [search "base search"
| tail 1
| convert timeformat="%m/%d/%Y:%H:%M:%S" ctime(_time) as dt
| eval firstEvent = dt
| return $firstEvent] increment=3h
| convert timeformat="%Y/%m/%d - %H" ctime(starttime)
| rename starttime as defaultDate
| table defaultDate]
Thanks.
↧