Hello,
I want to have the hour of the current time but I don't able to have it because now() returns all the current date but just want to have the current hour.
this is my search :
source="tcp:5543" |eval date_hour=strftime(_time, "%H") | rangemap field=count severe=0-0 elevated=1-50 default=low | eval range=if(date_hour>9 AND date_hour<14 AND count<11, "low",if(date_hour > 13 AND date_hour < 24 AND count > 11, "severe", range))
I want to run this search only on the current hour. I test it with "earliest" and "latest" but it retunrs 2 hours if it is 14:30 for example.
Thanks by advance to your help.
Laura
Try this:
earliest=@h latest=now
Lp
It's perfect thx very much.