Henry
Reputation: 384
splunk latest event for each host
I am trying to get the latest event timestamp for each host, google search found below:
|metadata type=hosts | table host, lastTime
it seems worked, returned the host and the timestamp, however, the timestamp is an big integer number, how do I convert to local time?
also how do I filter it so it only return certain hosts?
Thanks.
Upvotes: 0
Views: 1416
Answers (1)
Paul Sanford
Reputation: 228
For the time formatting - try this post: Splunk convert extracted field in currently milliseconds to HH:MM:SS
For the host search - you should be able to | search host=XXXX
Upvotes: 1
Related Questions
- Splunk query to find previous requests from different ip
- Splunk cli search to get all events
- Splunk : extract multiple values from each event
- Splunk logging on multiple dynamic instances
- Splunk: How to get N-most-recent values for each group?
- How to get url to specific splunk event?
- Splunk query filter out based on other event in same index
- Splunk: Stats from multiple events and expecting one combined output
- Filtering duplicate entries from Splunk events
- Splunk - Merging Associated Events