6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Splunk query to get max indexed timestamp for a source type\",\"text\":\"

I need Splunk query to get maximum indexed timestamp or latest indexed timestamp for a source type.

\\n\\n

Please help as I am stucked here for quite long.

\\n\\n

your help is highly appreciated.

\\n\\n

thanks

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Anshu\"},\"upvoteCount\":1,\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

This should do it.

\\n\\n

| tstats latest(_time) where index=* by sourcetype\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"RichG\"},\"upvoteCount\":2}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","splunk",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/splunk/1","children":"splunk"}]}],["$","span","splunk-query",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/splunk-query/1","children":"splunk-query"}]}],["$","span","splunk-sdk",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/splunk-sdk/1","children":"splunk-sdk"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/5bab2b6e3041e22a2908f6a20f03fbfb?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Anshu","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/8604431/anshu","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Anshu"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",69]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Splunk query to get max indexed timestamp for a source type"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I need Splunk query to get maximum indexed timestamp or latest indexed timestamp for a source type.

\n\n

Please help as I am stucked here for quite long.

\n\n

your help is highly appreciated.

\n\n

thanks

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",1072]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","53843834",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/7329ada983c4168e237301dcedf0054b?s=256&d=identicon&r=PG","alt":"RichG","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/2227420/richg","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"RichG"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",9916]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

This should do it.

\n\n

| tstats latest(_time) where index=* by sourcetype\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","54896417",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/54896417","className":"text-blue-600 hover:underline","children":"Splunk Query to find greater than"}]}],["$","li","71734347",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/71734347","className":"text-blue-600 hover:underline","children":"Splunk search by given timestamp not the time of ingestion to splunk"}]}],["$","li","69985475",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/69985475","className":"text-blue-600 hover:underline","children":"Kusto - Splunk to Kusto Query conversion for "max(_time) as time by jobid | sort -time""}]}],["$","li","68866445",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/68866445","className":"text-blue-600 hover:underline","children":"Splunk - Assigning custom time"}]}],["$","li","68074074",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/68074074","className":"text-blue-600 hover:underline","children":"dispatch.earliest_time in savedsearches.conf file"}]}],["$","li","64427313",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/64427313","className":"text-blue-600 hover:underline","children":"Splunk showing wrong index time"}]}],["$","li","64336226",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/64336226","className":"text-blue-600 hover:underline","children":"Splunk: How to get N-most-recent values for each group?"}]}],["$","li","49309925",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/49309925","className":"text-blue-600 hover:underline","children":"Splunk query substract time"}]}],["$","li","46064539",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/46064539","className":"text-blue-600 hover:underline","children":"Splunk - Adjusting source file timestamp"}]}],["$","li","27922313",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/27922313","className":"text-blue-600 hover:underline","children":"How get max count of request in time in splunk"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Splunk query to get max indexed timestamp for a source type

Answers (1)

Related Questions