Hi,
I am using the below query to find the newly added sourcetypes.
| metadata type=sourcetypes | eval time=now()-firstTime | where time
This tells you sourcetypes which are new in the last week (7 days):
| metadata type=sourcetypes
| eval firstAgoSeconds=now()-firstTime
| where firstAgoSeconds < (7 * 24 * 60 * 60)
| convert timeformat="%m-%d-%Y %H:%M:%S" ctime(firstTime) ctime(lastTime) ctime(recentTime)
@piebob, this is a duplicate:
| metadata type=sourcetypes index="*"
| addinfo
| where (firstTime > info_min_time AND firstTime < info_max_time)
The above helps when you want to filter by the value selected from the time range picker.