Use the following simple tstats query to return the latest time events came in for a given index as well as list all sourcetypes for each index:
|
1 |
|tstats values(sourcetype) as Sourcetype latest(_time) as Time groupby index | convert ctime(Time) |
