I would like to create a trigger which fires based on multiple conditions.
Example Scenario:
A person is entering a room and the door sensor sends an open event to Splunk.
Next, the person switches on the light. The light sensor sends the "on" event to Splunk.
The person leaves the room without switching the light off. A door close event is sent to Splunk.
Result: the person forgot to switch off the light. I would like to detect this.
I have two indexes:
Index 1: DoorSensors
Timestamp, DoorID, State
2017-10-06 12:01:30, Door1, Open
2017-10-06 12:03:50, Door1, Close
Index 2: LightSensors
Timestamp, LightSensor, State
2017-10-06 12:01:35, Light1, On
How can I detect with an alert trigger that someone forgot to turn off the light?
I would like to run this in real time.
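
One way to express this correlation as a Splunk search, added here as an example and not part of the original post. It uses the index and field names from the question and assumes that those fields are extracted at search time, that Door1 and Light1 belong to the same room (labelled Room1, a made-up name), and that a 24-hour lookback is enough:

```spl
(index=DoorSensors DoorID=Door1) OR (index=LightSensors LightSensor=Light1) earliest=-24h
| eval room="Room1"
| eval door_state=if(isnotnull(DoorID), State, null())
| eval light_state=if(isnotnull(LightSensor), State, null())
| stats latest(door_state) AS door
        latest(light_state) AS light
        max(eval(if(door_state="Close", _time, null()))) AS closed_at
        max(eval(if(light_state="On", _time, null()))) AS light_on_at
        BY room
| where door="Close" AND light="On" AND closed_at > light_on_at
| eval closed_at=strftime(closed_at, "%Y-%m-%d %H:%M:%S")
| table room door light closed_at
```

Saved as an alert that triggers when the number of results is greater than 0, this returns a row once the door's latest state is Close while the light's latest state is still On and the close came after the light was switched on. A light switched on after the door was closed does not match, since in the scenario that means the person is still in the room.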