Hello, it doesn't seem to work for me 😞
The source type is log4j logs. Splunk (light) successfully parsed the date/time and shows me a separate column in the search results with the name "Time". I tried (with a space and without a space after the minus):
| sort -Time
| sort -_time
Whatever I do, it just ignores it and sorts the results ascending.
I figured out that if I put a wrong field name, it does the same. I tried to use the name "_time" because when you click on the value in the Time column, it shows an option to show events before or auto and tells me that the field name is "_time". Could you make any suggestions, please?