Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How search for metrics for items not on within last 90 days?

willsy
Communicator
‎04-14-2023 02:25 AM

Hello,

Trying to complete a search that uses metrics to monitor when a device has not been connected for the last 90 days.

| mcatalog values(id) WHERE index=AM AND metric_name=CN AND type="device" by id | table id

This shows the devices that are currently connected.

I have an input lookup with the device inventory as Device_Inv.csv

Is there a way to create a search that looks at the lookup table and uses metrics to see if it has not been online for 90 days or above?

Many thanks

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution

willsy
Communicator
‎04-15-2023 01:58 PM

Absolute champion or as your tag says esteemed legend. I needed the append=true and the logic of how to do it. thank you so much

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...