@niketn we may not have at least one fruit every hour, for example if Apple is present between 8-10 i want mark it as available. if apple is not present during 10-12 window, I want to mark it as "Not available" and create an alret to place a order for apple. in similar way i have 6 different fruits which i have to monitor for "today" with 2 hour slots from 8AM to 10PM with an option to check previous days information.
I am unable to use "_time" feature as it is inputlookup which is having a field containing Time. So even if I apply a time picker for last 60 minutes, it will keep showing information of all previous days so I have to put a filter withing the Time field to pick only for the current date which is a string but in the [2018-05-07 20:00:44] YYYY-MM-DD hh:mm:ss sequence.
Current Query:
| inputlookup test
| fields Category,Time
| eval Time= strptime(Time, "%Y-%m-%d %H:%M:%S")
| where Time>=relative_time(now(),"-1d")
| eval c_time=strftime(Time,"%F %T")
Results:
Category Time c_time
1 APPLE 1526434675.000000 2018-05-16 11:37:55
2 APPLE 1526451005.000000 2018-05-16 16:10:05
3 APPLE 1526448470.000000 2018-05-16 15:27:50
4 Banana 1526466669.000000 2018-05-16 20:31:09
5 Mango 1526438117.000000 2018-05-16 12:35:17
6 Mango 1526443223.000000 2018-05-16 14:00:23
... View more