Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How search for metrics for items not on within last 90 days?

willsy
Communicator
‎04-14-2023 02:25 AM

Hello,

Trying to complete a search that uses metrics to monitor when a device has not been connected for the last 90 days.

| mcatalog values(id) WHERE index=AM AND metric_name=CN AND type="device" by id | table id

This shows the devices that are currently connected.

I have an input lookup with the device inventory as Device_Inv.csv

Is there a way to create a search that looks at the lookup table and uses metrics to see if it has not been online for 90 days or above?

Many thanks

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution

willsy
Communicator
‎04-15-2023 01:58 PM

Absolute champion or as your tag says esteemed legend. I needed the append=true and the logic of how to do it. thank you so much

0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...