Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Which Field Should I look at to find the task created in Unix servers

kaskirana01
New Member
‎07-26-2016 05:53 AM

Hi, I have raw unix logs and I have to create an use case to find the schedules task created by the users. I f I search for the keyword "cron" then it's listing out all the schedules jobs including it's run time etc. I need to get the events which states the 1st time creation of task. What is the logic for this?

Tags (2)
0 Karma
Reply

lycollicott
Motivator
‎07-26-2016 06:43 AM

| search .....whatever..your..search..is...... | tail 1

That will give you the oldest result of your search.

0 Karma
Reply

kaskirana01
New Member
‎07-26-2016 11:59 PM

Thanks,
But is there any particular field which should look into?
If I do as you said, that will not give me clear output

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...