I'm looking to find a matching field (let's call this field action) from 2 different hosts with the same sourcetype.
Example: sourcetype=pan host=1 and host=2
I'm looking to create a table that would show the matching field for the field action (I only want the matching field to generate a result).
So if host 1 has action=allowed and host 2 has action=allowed, I want to create a table that would include the time, action, src, dest.
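One way to get that table in SPL, as an added example that is not part of the original post. It assumes the two hosts are literally named 1 and 2, that the pan sourcetype already extracts src, dest and action as fields, and that "matching" means the same action value appears in at least one event from each host within the searched time range:

```spl
sourcetype=pan (host=1 OR host=2)
| eventstats dc(host) AS host_count BY action
| where host_count=2
| table _time host action src dest
| sort _time
```

eventstats appends, to every event, the number of distinct hosts that produced the same action value; the where clause keeps only events whose action was seen on both hosts, so an action that appears only on host 1 drops out. If the two hosts should also agree in time rather than just anywhere in the search window, add | bin _time span=5m before eventstats and use BY action _time so the distinct-host count is taken per 5-minute bucket (the table will then show bucketed timestamps).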