Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Creating a table that includes a column for date/time of an event

Kuronoa
New Member
‎06-02-2021 07:19 PM

Hello! I'll try to keep things as brief and concise as I can, but what you need to know is that I'm currently building a dashboard that tracks various criteria of windows machines, and depending on the conditions of these criteria, a score is assigned to each category, and when a specific host reaches a high enough score, it is considered for decommission.

One of the criteria involved with determining the scoring for whether or the likelihood of a host needing decommission is how long ago somehow has logged into said host.

I was wondering if anyone had any suggestions as to run a search and use eval to add a column containing the recorded time each windows event was received 

below is an example of what one of the splunk events looks like using our index

Kuronoa_0-1622686499242.png

And here is a mockup designed to help better explain what I'm trying to do here:

Kuronoa_1-1622686751735.png

 

Thanks for taking the time to read my question!

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-02-2021 10:01 PM 
| eval dayssincelastlogin=(relative_time(now(),"@d")-strptime(lastlogindate,"%m/%d/%Y"))/(60*60*24)
0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...