| noop | append [| metadata type=hosts | table *] | append [| metadata type=sourcetypes | table *] | eval t = now() - lastTime | where t > 86400 | eval name = coalesce(host, sourcetype) | table name t lastTime totalCount type | rename t as "Seconds since Event" | convert ctime(lastTime) timeformat="%m/%d/%Y %H:%M:%S %z"
Hi
The search is not working.
“|noop” does not exist and therefore I get the following error:
“Error in 'append' command: The 'append' command cannot be the first command in a search.”