Searching for the Most Recent Data from Layer8Insight Agents

Trying to find the latest events reported to Splunk by Layer8Insight Agents? Are you missing data for specific hosts?

Execute the following query in Splunk using one of the Splunk Search dashboards. It will reveal the last event sent per host and per event type.

You can filter the data by adding search filters before the "|" character, e.g., (index=layer8* user="<TARGET_USER_NAME>" | ), or you can change "host" to "user" to see the history per user.

index=layer8* <SEARCH_FILTER>
| stats latest(_raw) as latest by host sourcetype

Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk