I would like to use the transaction command to find adjacent log entries with the same IP and different Session IDs.
Ideally, I would only like to return adjacent pairs of log statements with at least a 15 minute timestamp difference between them.
Here is the REX I'm using to extract SESSION_ID:
rex field=_raw "-S:(?<SESSION_ID>\w+)-"
Thanks!
Jonathan
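One way to do what the question asks, as an added SPL example that is not part of the original post. It assumes the IP lives in a field called clientip (the access_combined default) and that the events are in index=web; both are assumptions, not something the post states. The first query uses transaction as the poster requested: maxevents=2 groups consecutive events per clientip into pairs, transaction collapses SESSION_ID into its distinct values, so mvcount(SESSION_ID)=2 means the two sessions differ, and duration is the gap in seconds. The second query uses streamstats instead, which compares every event with the one immediately before it for the same IP, so it also catches pairs that maxevents=2 would split across two transactions.

```spl
index=web sourcetype=access_combined
| rex field=_raw "-S:(?<SESSION_ID>\w+)-"
| where isnotnull(SESSION_ID)
| transaction clientip maxevents=2
| where eventcount=2 AND mvcount(SESSION_ID)=2 AND duration>=900
| table clientip _time duration SESSION_ID

index=web sourcetype=access_combined
| rex field=_raw "-S:(?<SESSION_ID>\w+)-"
| where isnotnull(SESSION_ID)
| sort 0 _time
| streamstats current=f last(SESSION_ID) as prev_sid last(_time) as prev_time by clientip
| where SESSION_ID!=prev_sid AND (_time - prev_time)>=900
| eval gap_minutes=round((_time - prev_time)/60, 1)
| table clientip prev_time prev_sid _time SESSION_ID gap_minutes
```

The `sort 0 _time` step matters in the streamstats version: search results arrive newest first, so sorting ascending makes `last()` refer to the chronologically earlier event and keeps the time difference positive. Pairs like these (same client, new session after a quiet period) are usually session expiry and re-login, which is worth confirming against the authentication log before treating a session switch as suspicious.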