SPL
Get Sourcetype and Index Info via TSTATS
Description
Use the following simple tstats query to return the latest time events came in for a given index as well as list all sourcetypes for each index:
10 0
|tstats values(sourcetype) as Sourcetype latest(_time) as Time groupby index | convert ctime(Time)
Comments
0 total
Be the first to comment on this SPL.
Leave a comment
You must log in to post a comment.