how to track lag between log timestamp and time arrive in Splunk

Path Finder

Wanted to track lag between log generated in host server and time arrive in Splunk.
Any search can achieve that?

Tags (1)
0 Karma


hello leonjxtan
the field you are looking for is _indextime
latency is _indextime -_time
here is a full answer from this portal:
it explains it in detail and provides some examples as well
hope it helps

0 Karma