olafhartong
commented
4 years ago it is in https://github.com/olafhartong/ThreatHunting/blob/master/default/macros.conf
[indextime] definition = _index_earliest=-15m@m AND _index_latest=now iseval = 0
Closed anywhere98 closed 4 years ago
olafhartong
commented
4 years ago it is in https://github.com/olafhartong/ThreatHunting/blob/master/default/macros.conf
[indextime] definition = _index_earliest=-15m@m AND _index_latest=now iseval = 0
Where can i find the indextime extraction for the threathunting index. There is a other fields when looking in to process views and the "indextime" dont show up.