I need to generate a daily report in Splunk with the list of all the indexes and their earliest event (timestamp) and their latest event (timestamp). Is there a way to do it? I have the below queries.
For the start and end time:
| metadata type=sourcetypes index=XXX | stats min(firstTime) AS begin max(lastTime) AS end
For the list of indexes:
| eventcount summarize=false index=* dedup=index | top 0 index | fields index