Hi, I wonder whether someone may be able to help me please:
I'm trying to return the following details:
Submission Date
Reference Number
With the following criteria:
Where the reference number has an auditType=FormSaved **but does not have** the auditType=FormSubmission (Because it is possible to have both auditTypes for the same reference number)
this is what I've put together so far, but I just can't get this to work.
index=main auditSource=for-frontend auditType=FormSaved
| eval generatedAt=strptime(generatedAt, "%Y-%m-%dT%H:%M:%S")|convert timeformat="%d/%b/%Y %H:%M" ctime(generatedAt)
| rename generatedAt As "submissiondate"
| table submissiondate detail.referenceNumber
| join type=left detail.referenceNumber[search index=main auditSource=for-frontend NOT auditType=FormSubmission
| eval generatedAt=strptime(generatedAt, "%Y-%m-%dT%H:%M:%S")|convert timeformat="%d/%b/%Y %H:%M" ctime(generatedAt)
| rename generatedAt As "submissiondate"
| table submissiondate detail.referenceNumber]
I just wondered whether someone could look at this please and let me know where I've gone wrong.
Many thanks and kind regards
↧