Hi Ciao,
below is the query I want to modify to look for the events which indexed only on Monday and TuesDay.
index=finance_preprod (date_wday="monday" OR date_wday="tuesday") sourcetype=finance_salesRecon_app_PPE source=frs_integration_engine_PPE message="WEEKLY Feed :*Route file encryption transfer has completed"
| eval event_week_day = strftime(_time,"%w"), event_hour = strftime(_time,"%H"), current_week_day = strftime(now(),"%w"), current_hour = strftime(now(),"%H")
| where event_week_day<=2 AND event_hour<=14
| stats count as weekly_feeds
I tried with your answer, but its not working. Could you please help me to modify the query?
... View more