write a splunk query to determine user activity in dbconnect in python

To determine user activity in dbconnect using a Splunk query in Python, you can use the following search command:

main.py
| rest /services/datainputs/jdbc/
| fields title, recent_metadata
| eval activity = case(
    isnull(recent_metadata.latest_input_time), "No recent activity",
    now() - strptime(recent_metadata.latest_input_time, "%Y-%m-%dT%H:%M:%S.%3N%z") < 86400, "Active",
    1==1, "Inactive"
)
| table title, activity

308 chars
9 lines

This query searches for all data inputs in Splunk and retrieves their titles and recent metadata. The eval command is then used to create an activity field, which uses a case statement to determine if the input has had recent activity, is currently active within the past day, or is inactive. Finally, the table command is used to display the results in a table with the input title and its activity status.

similar python code snippets

write program which search for duplicate events in splunk in python
throw and catch errors in python
open a file in python
connect to secrets manager in python
send an email in python
find urls in a string in python
how to create a class in python
loop in python
loop from 1 to 10 in python
how to create a flask app in python

related categories

`python
dbconnect
splunk
query
user activity`

gistlibby LogSnag