Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How search for metrics for items not on within last 90 days?

willsy
Communicator
‎04-14-2023 02:25 AM

Hello,

Trying to complete a search that uses metrics to monitor when a device has not been connected for the last 90 days.

| mcatalog values(id) WHERE index=AM AND metric_name=CN AND type="device" by id | table id

This shows the devices that are currently connected.

I have an input lookup with the device inventory as Device_Inv.csv

Is there a way to create a search that looks at the lookup table and uses metrics to see if it has not been online for 90 days or above?

Many thanks

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution

willsy
Communicator
‎04-15-2023 01:58 PM

Absolute champion or as your tag says esteemed legend. I needed the append=true and the logic of how to do it. thank you so much

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...