I have log messages that have same field names and i am trying to create a table for the dashboard
My messages are:
{
Message:"App Started"
Timestamp: 2019-11-13 23:15:16.436156
},
{
Message:"App Stopped"
Timestamp: 2019-11-13 23:15:18.536156
}
I need to create table with Message, Start time and stop time.
Since both messages has same field name Timestamp, how can eval and differentiate them?
Tried using if(Message="App Stopped") but it always gets me same value for both fields.
↧