I am trying to pull information from the ePO server into Splunk to detect agents that are not reporting in. On the device itself, it does report a communication failure, but that is generally when there is no connection. On the ePO server, the best way to determine what we are looking for is to look at the last login time which checks each agent every 60 minutes. How can I search in Splunk to show devices that aren't reporting after 60 minutes? Any information is greatly appreciated. Thank you.
... View more