Hi, I have raw unix logs and I have to create an use case to find the schedules task created by the users. I f I search for the keyword "cron" then it's listing out all the schedules jobs including it's run time etc. I need to get the events which states the 1st time creation of task. What is the logic for this?
| search .....whatever..your..search..is...... | tail 1
That will give you the oldest result of your search.
Thanks,
But is there any particular field which should look into?
If I do as you said, that will not give me clear output