Hi, I have a query like the example below, but I'm getting "Subquery failed with error: No definition found for function <(Long, Boolean)." on it because it doesn't know how to handle the time comparison. Is there any other way I can filter the results of the parent query based on the time being less than the one we're making available via compose from the subquery?
| ...// extract fields
| first (_messagetime) by x, y
| where _first < ([subquery: _sourceName = "Log" _sourceCategory="B" "filtertext"
| sort by _messagetime desc | first(_messagetime) | compose _first])
| sort by _first
_first would be a _messagetime value, matching the subquery variable type