![]() (Optional) To define advanced options for your lookup, select the Advanced options check box. ![]() The maximum time (in seconds) that the event timestamp can be later than the lookup entry time for a match to occur. The minimum time (in seconds) that the event timestamp can be later than the lookup entry timestamp for a match to occur. This defaults to %s.%Q or seconds from unix epoch in UTC and optional milliseconds. You can include subseconds but the Splunk platform will ignore them. The strptime format of the timestamp field. The name of the field in the lookup table that represents the timestamp. (Optional) Make this lookup a time-based lookup.The fields must be delimited by a comma followed by a space. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |