Splunk Search

Find Knowledge Objects created in last 24 hours

vamsigurram
Path Finder

 

I am looking for SPL that can give me a list of all the knowledge objects created in the last 24 hours in the search app.

I looked at the REST SPL below, but I did not see a creation time.

| rest /servicesNS/-/search/directory

0 Karma

richgalloway
SplunkTrust

Most KOs do not have a creation time in their REST output.  There is update_time, but it is rarely anything other than zero.

You can try looking in _audit and the access logs for creations, but I suspect you'll be less than successful.

You could do regular commits to a source management system and let it find the new objects for you, but that likely has its own limitations.

---
If this reply helps you, Karma would be appreciated.
0 Karma
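
One way to apply the snapshot-and-compare idea from the reply above, as an added example that is not part of the original thread: export the results of `| rest /servicesNS/-/search/directory` to CSV once a day and diff consecutive exports. The column names (`title`, `eai:type`, `eai:acl.app`, `eai:acl.owner`, `eai:acl.sharing`) are assumed to be present in the export, and the sample rows are constructed.

```python
import csv
import io

# Column names assumed to be present in the exported REST results.
KEY_FIELDS = ("eai:type", "eai:acl.app", "eai:acl.owner", "title")
SHARING = "eai:acl.sharing"

# Constructed sample exports, taken 24 hours apart.
OLD_EXPORT = """title,eai:type,eai:acl.app,eai:acl.owner,eai:acl.sharing
Failed logins,savedsearches,search,admin,app
auth_dashboard,views,search,alice,user
"""
NEW_EXPORT = """title,eai:type,eai:acl.app,eai:acl.owner,eai:acl.sharing
Failed logins,savedsearches,search,admin,app
auth_dashboard,views,search,alice,global
nightly_export,savedsearches,search,bob,user
"""


def load_snapshot(csv_text):
    """Index one export by object identity (type, app, owner, title)."""
    snapshot = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = tuple(row.get(field, "") for field in KEY_FIELDS)
        snapshot[key] = row.get(SHARING, "")
    return snapshot


def diff_snapshots(old_csv, new_csv):
    """Return (created, deleted, reshared) between two exports."""
    old, new = load_snapshot(old_csv), load_snapshot(new_csv)
    created = sorted(key for key in new if key not in old)
    deleted = sorted(key for key in old if key not in new)
    # Same object in both snapshots, but its sharing level changed.
    reshared = sorted((key, old[key], new[key])
                      for key in new if key in old and new[key] != old[key])
    return created, deleted, reshared


if __name__ == "__main__":
    created, deleted, reshared = diff_snapshots(OLD_EXPORT, NEW_EXPORT)
    for key in created:
        print("created:", key)
    for key in deleted:
        print("deleted:", key)
    for key, before, after in reshared:
        print("sharing changed:", key, before, "->", after)
```

A renamed object shows up as one deletion plus one creation, because the title is part of the identity key.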

vamsigurram
Path Finder

Thanks richgalloway for the reply.

I will check _audit and see if that helps.

I will reply back with my findings.

0 Karma