Solved: get latest record based on custom time field

dsiob · ‎07-12-2017

I have a excel input having columns-> Id, UpdateTime, Desription, AssignedTo, StartTime
having Values like

Id UpdateTime Description AssignedTo
1 7/12/17 4:00 XYZ Sam
1 7/12/17 8:00 XYZ Tom
2 7/12/17 4:00 ABC Dan
2 7/12/17 8:00 ABC Kaly

result should be:
Id UpdateTime Description AssignedTo
1 7/12/17 8:00 XYZ Tom
2 7/12/17 8:00 ABC Kaly

I need to fetch the latest record of each Id as per UpdateTime.
'StartTime' field is already _time in existing query serving other purpose.

dsiob · ‎07-14-2017

I did it like this :

current search here
| sort -Id, -UpdateDateTime
| dedup Id
| table Id UpdateTime Description AssignedTo

it's working.

dsiob · ‎07-14-2017

I did it like this :

current search here
| sort -Id, -UpdateDateTime
| dedup Id
| table Id UpdateTime Description AssignedTo

it's working.

somesoni2 · ‎07-12-2017

Try like this

your current search giving fields Id UpdateTime Description AssignedTo
| eval _time=strptime(UpdateTime,"%m/%d/%y") 
| sort 0 -_time | dedup Id

dsiob · ‎07-14-2017

thanks someonei2 for reply

get latest record based on custom time field