
A question relevant to the one here:

I'm trying to figure out how to capture records of a certain indexed difference when querying CWLI. Specifically, I need to find the record after each occurrence of an exception (yes, I know the below is an improper logging structure; however, our hands are tied on this one):


Where the only two fields are Timestamp and Message. I can match all exceptions with the following query:

fields @message, (fields @message as a | filter \),(@message like "Exception for Aircraft id <StringArray>") as a
        | filter a = 1 

How can we go about obtaining the next chronological message for each Exception?

0 Answers