I want to create a search that displays any newly added sourcetypes in the past 24 hrs. I've created a report that outputs a lookup table and is scheduled to run/update once a day. My report search string is below:
... | inputlookup lookup.csv append=t | stats count by sourcetype | table sourcetype | outputlookup lookup.csv
I am struggling to figure out a way to search the lookup table for newly added sourcetypes. Does anyone know how I could do that? Or is there a better method in trying to accomplish this?
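One way to get the comparison described in the post, as an added example that is not part of the original post: store a first-seen time next to each sourcetype in the lookup and report the rows whose first-seen time falls inside the last 24 hours. The `first_seen` column, the `index=*` scope and the use of `tstats` are assumptions; `lookup.csv` is the lookup named in the post.

```spl
| tstats min(_time) AS first_seen WHERE index=* earliest=-24h BY sourcetype
| inputlookup append=t lookup.csv
| eval first_seen=coalesce(first_seen, 0)
| stats min(first_seen) AS first_seen BY sourcetype
| outputlookup lookup.csv
| where first_seen >= relative_time(now(), "-24h")
| convert ctime(first_seen)
```

Rows already in the lookup without a `first_seen` value are given 0, so they count as the existing baseline and are never reported. `outputlookup` passes its results on, so the same scheduled search both refreshes the lookup and returns only the sourcetypes first seen in the window.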