My search is this: host= | eval T_Start=strptime(Transaction_Start, "%b %d %Y %I:%M:%S.%3N%P"), T_End=strptime(Transaction_End, "%b %d %Y %I:%M:%S.%3N%P") I re-imported the sample below and the field extracts appear to work well.ĮXTRACT- Transaction_Start,Transaction_End I took the defaults after highlighting the 2 Transaction_Start,Transaction_End fields.
I set up a field extraction (maybe that's the problem?) like this.
0 kommentar(er)
