Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How search for metrics for items not on within last 90 days?

willsy
Communicator
‎04-14-2023 02:25 AM

Hello,

Trying to complete a search that uses metrics to monitor when a device has not been connected for the last 90 days.

| mcatalog values(id) WHERE index=AM AND metric_name=CN AND type="device" by id | table id

This shows the devices that are currently connected.

I have an input lookup with the device inventory as Device_Inv.csv

Is there a way to create a search that looks at the lookup table and uses metrics to see if it has not been online for 90 days or above?

Many thanks

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution

willsy
Communicator
‎04-15-2023 01:58 PM

Absolute champion or as your tag says esteemed legend. I needed the append=true and the logic of how to do it. thank you so much

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...