Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Creating a table that includes a column for date/time of an event

Kuronoa
New Member
‎06-02-2021 07:19 PM

Hello! I'll try to keep things as brief and concise as I can, but what you need to know is that I'm currently building a dashboard that tracks various criteria of windows machines, and depending on the conditions of these criteria, a score is assigned to each category, and when a specific host reaches a high enough score, it is considered for decommission.

One of the criteria involved with determining the scoring for whether or the likelihood of a host needing decommission is how long ago somehow has logged into said host.

I was wondering if anyone had any suggestions as to run a search and use eval to add a column containing the recorded time each windows event was received 

below is an example of what one of the splunk events looks like using our index

Kuronoa_0-1622686499242.png

And here is a mockup designed to help better explain what I'm trying to do here:

Kuronoa_1-1622686751735.png

 

Thanks for taking the time to read my question!

Labels (2)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎06-02-2021 10:01 PM 
| eval dayssincelastlogin=(relative_time(now(),"@d")-strptime(lastlogindate,"%m/%d/%Y"))/(60*60*24)
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

 Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team for an ...