×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
tirelana
Engager
Member since: ‎03-30-2022
‎04-05-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎03-30-2022
Activity Feed
View All

Re: data catalogue

by SplunkTrust in Splunk Search
‎03-30-2022 10:47 PM
1 Karma
‎03-30-2022 10:47 PM
1 Karma
Use this search: | metadata type=sourcetypes index=* (Timerange picker matters, so run it in the same timerange as what you would consider all the sourcetypes being included. like last 7 days or last 30 days)   | metadata type=sourcetypes index=* | rename totalCount as Count firstTime as "First Event" lastTime as "Last Event" recentTime as "Last Update" | fieldformat Count=tostring(Count, "commas") | fieldformat "First Event"=strftime('First Event', "%c") | fieldformat "Last Event"=strftime('Last Event', "%c") | fieldformat "Last Update"=strftime('Last Update', "%c") for additional formatting. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-05-2022 06:47 AM
Karma given to
View All