I want to simply get new exceptions that occur within last 30 minutes which did not happened anytime last week on the same day. I have this query to get exceptions for last weekday. earliest=-7d@d latest=-6d@d index=production "java.lang.NullPointerException*" | stats count by field6 Which gives me result :: abcd.handler.CreateBankHandler 26 abcd.cr.RequestProcessor 34 abcd.cr.SessionInfo 1 abcd.cr.SSOServlet 2 abcd.impl.ExportManagerImpl 1 abcd.impl.ImportFileProcessor 1 The second query earliest=-1d@d latest=now index=production "java.lang.NullPointerException*" | stats count by field6 Which gives me result :: abcd.handler.CreateBankHandler 27 abcd.cr.RequestProcessor 7 abcd.cr.SessionInfo 1 abcd.cr.BaseServlet 6 abcd.cr.SSOServlet So, the result should be new events from the second query. Name :: abcd.cr.BaseServlet
... View more