×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Neonbeeflash3
New Member
Member since: ‎09-21-2022
‎09-21-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎09-21-2022
Activity Feed
View All

Re: To which index does the sourcetype belong?

by in Splunk Search
‎09-21-2022 07:44 AM
‎09-21-2022 07:44 AM
I'm sorry if I explained wrong, each of the sourcetypes that I can filter with this search are related to an index. What I would like to see is which index they are related to. For example, one of the sourcetypes I get is called "hello" (example names) and this sourcetype is related to an index called "goodbye". What I would like to see in this search is the index to which "hello" is related. ... View more

To which index does the sourcetype belong?

by in Splunk Search
‎09-21-2022 06:25 AM
‎09-21-2022 06:25 AM
Greetings, I have been creating a search that collects all the sourcetypes that have not collected any information during the last 4 hours (Which I was able to accomplish). The thing is that I need to know which indexes these sourcetypes belong to in this same search. Any idea? This is the search: | metadata type=sourcetypes index=* | search sourcetype=* | where lastTime<now()-14400 | eval ageInSeconds = (now()- firstTime) | search ageInSeconds > 86400 | convert ctime(lastTime) ctime(recentTime) ctime(firstTime) | table sourcetype, lastTime ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-21-2022 11:20 AM