
How to get tstats results independent of time range

Hi All, is it possible to get a list of sourcetypes by host and index irrespective of time range? I just want the list of index, host and sourcetype for which events are available, even if there is only one event in the last 6 months for any sourcetype/host/index. The environment is very huge, with 130K+ hosts sending data. The query below only returns the list if any event is there in the selected time range:

    | tstats values(sourcetype) as sourcetype where index=* by index host | outputlookup host_list.csv

Is there any other faster/efficient way to get the results? Let me know if any other details are required.
