×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Sangeeta_1
Explorer
Member since: ‎09-25-2024
‎09-26-2024
Community Statistics
Posts 3
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎09-25-2024
View All

Re: How to get an output containing all host detai...

by in Splunk Search
‎09-25-2024 08:15 AM
‎09-25-2024 08:15 AM
Hi @ITWhisperer  Thanks for your comment, but metadata contains limited to a certain time in history, like I can get the data for only last 30 days or so. ... View more

Re: How to get an output containing all host detai...

by in Splunk Search
‎09-25-2024 08:14 AM
‎09-25-2024 08:14 AM
Thanks @gcusello for the help. But I am getting future dates like below, but the search was for the last time when I am getting any event w.r.t all the host. I have selected date range as all time. Can you please suggest here? 2031-12-11 08:40:08 2025-01-11 09:05:56 2024-10-30 08:12:49 ... View more

How to get an output containing all host details a...

by in Splunk Search
‎09-25-2024 12:52 AM
‎09-25-2024 12:52 AM
How to get an output containing all host details of all time along with their last update times?  Below search is taking huge time, how to get this optimized for faster search - index=*| fields host, _time | stats max(_time) as last_update_time by host | eval t=now() | eval days_since_last_update=tonumber(strftime((t-last_update_time),"%d"))-1 | where days_since_last_update>30 | eval last_update_time=strftime(last_update_time, "%Y-%m-%d %H:%M:%S") | table last_update_time host days_since_last_update   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-26-2024 03:34 AM
Karma given to
View All