Deployment Architecture

Which Field Should I look at to find the task created in Unix servers

kaskirana01
New Member

Hi, I have raw unix logs and I have to create an use case to find the schedules task created by the users. I f I search for the keyword "cron" then it's listing out all the schedules jobs including it's run time etc. I need to get the events which states the 1st time creation of task. What is the logic for this?

Tags (2)
0 Karma

lycollicott
Motivator

| search .....whatever..your..search..is...... | tail 1

That will give you the oldest result of your search.

0 Karma

kaskirana01
New Member

Thanks,
But is there any particular field which should look into?
If I do as you said, that will not give me clear output

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...