I have data which add new files every day. I want to compare today's data with previous day/week/month/year data and list out new files. Is it possible to list out? I have gone through Splunk answers to find solutions. I found below search to compare files from yesterday.
sourcetype=nessus source=*Host_Enumeration* earliest=-1d@d latest=now NOT [search sourcetype=nessus source=*Host_Enumeration* earliest=-3d@d latest=-2d@d | stats count by dest_ip | dest_ip]| stats count by dest_ip | dest_ip
I changed the time-range in the search to find new files from previous week/month/year as below
sourcetype=nessus source=*Host_Enumeration* earliest=-1d@d latest=now NOT [search sourcetype=nessus source=*Host_Enumeration* earliest=-6w@d latest=-2d@d | stats count by dest_ip | dest_ip]| stats count by dest_ip | dest_ip
With the above code, the result has previous day `(earliest=-3d@d latest=-2d@d)` files.
Why it is listing previous files ? Is there any other possibility to find solution for this scenario?
Thanks in Advance
Chandana
↧