cmutt78
commented
2 years ago added the exclusion for cloud systems but leaving host intact
Closed jward51 closed 2 years ago
cmutt78
commented
2 years ago added the exclusion for cloud systems but leaving host intact
Suggested updated query :
index=_internal NOT host = splunkcloud |stats max(_time) as lastSeen by host |inputlookup append=true ss_asset_tracker |dedup host sortby - lastSeen | eval host = lower(host) |table host lastSeen |outputlookup ss_asset_tracker