Hi Team,
How do I search for the hosts and sources that are not sending logs? The metadata search below shows only the host. How can I add the source?
I need columns for source, host, lastTime and duration.
| metadata index!=network* index=win* index=lin* type=hosts
| table host sourcetype lastTime
| stats max(lastTime) as lastTime by host
| eval diff = now()-lastTime
| where diff > 3600
| sort - diff
| eval lastTime=strftime(lastTime,"%Y-%m-%d %H:%M:%S")
| eval Duration=tostring(diff,"duration")
| fields - diff
Regards,
Syed
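
One way to get both columns, as an added example that is not part of the original post: `metadata` reports one type at a time (hosts, sources or sourcetypes), so this uses `tstats` grouped by host and source instead. The index filter and the 3600-second threshold are carried over from the search above as assumptions about the intended scope.

```spl
| tstats latest(_time) as lastTime where (index=win* OR index=lin*) by host, source
| eval diff = now() - lastTime
| where diff > 3600
| sort - diff
| eval lastTime = strftime(lastTime, "%Y-%m-%d %H:%M:%S")
| eval Duration = tostring(diff, "duration")
| table source host lastTime Duration
```

The search only lists host and source pairs that indexed at least one event inside the search time range, so run it over a window long enough to include the last event from anything that has gone quiet.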