Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

get latest value and timestamp

a212830
Champion
‎02-07-2013 01:28 PM

Hi,

How would I go about getting the latest value of a search, along with the timestamp of that search? I want to include it in a table.

Tags (2)
Reply

stoomart
Path Finder
‎03-28-2017 11:34 AM

I've found the stat functions 'earliest' and 'latest' work best for time-dependent field reporting:

... | stats latest(_time) as _time, latest(X)
Reply

a212830
Champion
‎02-07-2013 08:40 PM

Sorry that I wasn't more specific. I want to grab data from the previous hour, and I want to get the value of the last event, along with the timestamp associated with that last event. I'll try these, but I'm don't think they are what I'm looking for...

0 Karma
Reply

Paolo_Prigione
Builder
‎02-07-2013 03:23 PM

I think you are looking for:

| head 1
| addinfo

The time the search was executed will be in the info_search_time field

Reply

sbrant_splunk
Splunk Employee
Splunk Employee
‎02-07-2013 03:02 PM

You can also get the most recent value of a particular field using the "first" function in stats:

... | stats first(X)
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-07-2013 02:43 PM

This would get you the latest result:

... | head 1

Not sure if that's what you want, hard to guess from the question.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...