Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Opposite of "head" ?

the_wolverine
Champion
‎12-07-2010 07:27 PM

I'm trying to find out what the oldest occurrence of an event was - as in, opposite of head. Is there such a command?

I've tried using " * | reverse | head 1 " which works but is very slow and inefficient.

Tags (1)
Reply
1 Solution
Solved! Jump to solution

the_wolverine
Champion
‎12-08-2010 07:10 AM

w00t!!!!!!!!!!!

0 Karma
Reply
Solved! Jump to solution

Genti
Splunk Employee
Splunk Employee
‎12-07-2010 09:33 PM

awesome awesome awesome!!!

0 Karma
Reply
Solved! Jump to solution

araitz
Splunk Employee
Splunk Employee
‎12-07-2010 09:19 PM

tail fail tail fail

0 Karma
Reply
Solved! Jump to solution
Solution

fk319
Builder
‎12-07-2010 08:35 PM

'tail' is implimented in 4.1.5 http://www.splunk.com/base/Documentation/4.1.5/SearchReference/Tail

Reply
Solved! Jump to solution

Genti
Splunk Employee
Splunk Employee
‎12-07-2010 07:57 PM

| sort _time, that is, no - sign...

0 Karma
Reply
Solved! Jump to solution

Genti
Splunk Employee
Splunk Employee
‎12-07-2010 07:55 PM

i tried that, and then i tried * | sort -_time and this seems to be faster. I am unaware of a command that is the opposite of head...

0 Karma
Reply
Get Updates on the Splunk Community!

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...