Here's my command:
| metadata type=hosts index= | sort lastTime | convert ctime(lastTime) as Latest_Time | sort -lastTime | table host,Latest_Time
Now, I know that this might not be the most efficient command in the world, but I'm sort of a n00b. What I am now attempting to do from this is take resulting hosts whose "Latest_Time" > 24 hrs and alert on those hosts.
If you're wondering why I sorted twice, for some reason the way I built the command, it wasn't sorting properly; when I sorted again, it worked. Any help on this matter would be greatly appreciated.
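One way to build the search described above, as an added example that is not part of the original post: it compares the epoch `lastTime` field against `now()` before converting anything to text, so the 24-hour filter and the sort both work on numbers. The `index=*` value, the 86400-second threshold expression and the `hours_silent` field name are assumptions, since the post leaves the index blank.

```spl
| metadata type=hosts index=*
| eval hours_silent = round((now() - lastTime) / 3600, 1)
| where now() - lastTime > 86400
| sort 0 -lastTime
| convert ctime(lastTime) AS Latest_Time
| table host, Latest_Time, hours_silent
```

Saved as a scheduled alert with the trigger condition "number of results is greater than 0", it fires only when at least one host has been silent for more than 24 hours. The `0` in `sort 0` lifts the default 10,000-result limit so that no hosts are dropped on large deployments.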