Quantcast
Channel: Questions in topic: "splunk-enterprise"
Viewing all articles
Browse latest Browse all 47296

How to get latest time entry from datetime field value.

$
0
0
I have One field value as datetime field and I want the data of only latest time. how can I write Query. My current search is index="ad_dns_new" sourcetype="resolve_json"|eval k=strptime(DateTime,"%Y-%m-%dT%H:%M:%S")|eval New_Date=strftime(k,"%d-%m-%Y %H:%M:%S") | table HealthCheck,Result,New_Date,Customer|chart values(Result) as Result over HealthCheck by New_Date. I am attaching image of my current output. From that I want data of 11the nov 15:36:57. How Can I do it? I look forward to hearing from you. ![alt text][1] [1]: /storage/temp/257604-example.png

Viewing all articles
Browse latest Browse all 47296

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>