
Oldest Log per Index

ssingh5
Path Finder

How can I create a table containing the date and time of the oldest and most recent log per index in Splunk?

0 Karma

imrago
Contributor
index=* | stats first(_time) as latest  last(_time) as earliest by index | convert timeformat="%Y-%m-%d %H:%M:%S" ctime(earliest) ctime(latest)
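A variant of the search in the answer above, added here as an example and not part of the original post: `tstats` reads index-time metadata instead of scanning raw events, and `min`/`max` do not depend on the order in which results arrive. The `span_days` field name is an assumption introduced for illustration, showing how many days of data each index covers.

```spl
| tstats min(_time) as earliest max(_time) as latest where index=* by index
| eval span_days=round((latest-earliest)/86400, 1)
| convert timeformat="%Y-%m-%d %H:%M:%S" ctime(earliest) ctime(latest)
| table index earliest latest span_days
```

The result only covers the time range selected for the search and the indexes the running role is allowed to search, so use "All time" when the true oldest event is needed.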