Hi All,
Could you please let me know how to extract _time for from fields for one index out of multiple index which using one sourcetpe ?
like having indexes a,b,c,d,e and sourcetype =s1 ,here time stamp extraction has to be done for only one index b.
means I am looking for index based timestamp extraction
Thanks
Rakesh