×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
HappyFeet
Engager
Member since: ‎09-28-2022
‎11-03-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎09-28-2022
View All

Re: Retrieve all latest rows that share the same _...

by in Splunk Search
‎09-28-2022 01:51 PM
‎09-28-2022 01:51 PM
I tried doing something similar with eventstats by counting the number events and grouping by _time to return all events that share the same count but it was not working as I wanted it to. Thank you. That's surprisingly simple ... View more

Retrieve all latest rows that share the same _time...

by in Splunk Search
‎09-28-2022 01:25 PM
‎09-28-2022 01:25 PM
I have an application that sends logs to Splunk every few seconds. These logs are "snapshots" which provide a static view of the system at the time they were taken/sent to Splunk. I am attempting to get the latest rows from Splunk and present them in a table. Latest rows are determined by _time. In the example below I want to retrieve the two last rows because they have the highest _time value. Any help would be appreciated. _time Name Status 9/28/22 8:14:08.968 PM SPID 1 Queued 9/28/22 8:14:08.968 PM SPID 2 Started 9/28/22 8:14:08.968 PM SPID 3 Failing 9/28/22 8:14:12.968 PM SPID 1 Started 9/28/22 8:14:12.968 PM SPID 2 Started   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-03-2022 05:25 PM
Karma given to
View All