Hi,
We are using Splunk in our organization (I work for AT&T) and I need to know how to search for any events before a statement in the log file. E.g., we have a statement in the log file - "Agent Table Change, Verifying FT State" and I want to find all the events that happened before the first incidence of this statement in the log file.
Please help with this.
You're looking for localize with a timebefore of some value and a timeafter of zero, piped into map. See http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/localize for reference.
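A sketch of the search the answer describes, added here as an example and not part of the original reply. The index name YOUR_INDEX and the 5-minute look-back are assumptions; `tail 1` is added to keep only the earliest match, since Splunk returns events newest first.

```spl
index=YOUR_INDEX "Agent Table Change, Verifying FT State"
| tail 1
| localize timebefore=5m timeafter=0s
| map search="search index=YOUR_INDEX starttimeu=$starttime$ endtimeu=$endtime$"
```

`localize` emits a `starttime` and `endtime` for the window around the matching event, and `map` substitutes them into the inner search, which returns every event in that window. Widen `timebefore` to look further back.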