Hello,
Hopefully, you will understand what I mean...It was not clear how I could formulate a search to find some documentation.
I got an index, with a lot of fields [ f1, f2, f3, ... ]. Let's say that field f1 is the url from the proxy, and f2 is the source_ip of the request. What I would like is from a set of specific "source_ip", all the url that has been accessed by these "source_ip", and the url needs to be accessed by every single IP...
Any idea how can I emplement the query in Splunk ?
Thanks.
↧