We have some new hosts added in our instance. We need to build a search to check for newly added hosts.
We have used the search below, but it is giving all the hosts that have communicated in the past 7 days rather than the ones that are newly added.
| metadata type=hosts
| eval SevenDaysBack = relative_time(now(), "-7d@d")
| where firstTime > SevenDaysBack
| eval hostAdded=strftime(firstTime, "%d-%m-%Y %H:%M")
| table host, hostAdded | sort hostAdded
Also, metadata does not go well with the time range picker. The above search is not taking the time range as well.
Is there any other way that we can find a solution to this?