Hi, I am trying to generate a report of all the data models that I have in my environment along with the last time it has been accessed to do a cleanup. Can anyone help with the search query?
See the other answer by @adonio and add this:
index=_* sourcetype=scheduler | stats count by savedsearch_id
SPL
| rest /servicesNS/-/-/saved/searches
start here: | rest /services/datamodel/acceleration or here: | rest /services/datamodel/model
| rest /services/datamodel/acceleration
| rest /services/datamodel/model
hope it helps
What do you mean by accessed?
accessed
I want to see the latest timestamp when the datamodel was used by a dashboard or alert or savedsearch
I don't think this is exactly it but it may lead you to the right path
| rest /services/datamodel/model |search eai:appName=search | table updated
The updated field shows when the model was last updated.
