Hello!
I have multiple saved searches. Each search covers a period of 12 hours. Accordingly, each search has an earliest time and a latest time. The results of each search are exported to CSV. I would like the name of each file to contain the earliest time of the search. Is it possible?
The function
| outputcsv [ | stats count | eval filename=strftime(now(), "filename_%d_%m_%y_%H_%M_%S") | return $filename]
returns a filename that contains the current time when the search is started. But I do not know how to put the earliest time into the file name.
Tell me, is it possible to do this and if so, how?