Hi All - I need help with System Log data query.
I am trying to pull data from System Log table where an ADMIN user has made a user update (user admin task). When I query, it gives me two entries, one with View option "T" and other with View Option "N". I only want to see one entry in my log that I have pulled. Preferably View="T".
The filed in SystemLog table is ANNOT.
I tried below query but it doesn't give me back any result.
arsdoc query -h <hostname> -u <user>-f "System Log" -i "where userid='$line' and msg_num in (34,35,36) and annot='YES' and ODDAT_time_stamp_dt > '$endDate'".
this query gives me empty result and if I remove annot='YES', then I get two line back as a result in my log file.
Time Stamp,Userid,Severity,Msg Num,Message,View,Log ID
11/16/2021 14:12:42,<Admin_userid>,4,36,User Update: Userid(<userid1>) Id(3),T,1369837038,
11/16/2021 14:12:37,<Admin_userid>,4,36,User Update: Userid(<userid1>) Id(3),N,1698537038,