I have a search that returns a table like this:
IPAddress1 StartDate1 EndDate1
IPAddress2 StartDate2 EndDate2
IPAddress3 StartDate3 EndDate3
I'd like to have another search to find data about each IP address between the start and end dates in the table. Is there any way to do this and have the results combined into a single result set?
Put another way, given the table above, I'd like to combine the following three searches into one:
sourcetype=blah src=*IPAddress1* earliest=*StartDate1* latest=*EndDate1*
sourcetype=blah src=*IPAddress2* earliest=*StartDate2* latest=*EndDate2*
sourcetype=blah src=*IPAddress3* earliest=*StartDate3* latest=*EndDate3*
The caveat is that I don't know in advance how many entries the table will have. Does anyone know of a non-manual way of doing this?
Thanks in advance for any advice you can give!