splunk latest event for each host
https://stackoverflow.com/questions/9863861
-
26-05-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am trying to get the latest event timestamp for each host, google search found below:
|metadata type=hosts | table host, lastTime
it seems worked, returned the host and the timestamp, however, the timestamp is an big integer number, how do I convert to local time?
also how do I filter it so it only return certain hosts?
Thanks.
Solution
For the time formatting - try this post: Splunk convert extracted field in currently milliseconds to HH:MM:SS
For the host search - you should be able to | search host=XXXX
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
