I am creating a report off of logs files. In this report I am looking to list out the number of times particular actions were took. The two IF statements below produce data as expected when ran alone, but when ran together one of the fields is empty and the other list all the values as 0's.
sourcetype = drupal_app_logs domain_type = "clientportal" email != "*surfspamfree.com" email !="*@littler.com"
|eval Portallogins=if((trim(upper(action))=trim(upper("User Login")) AND trim(upper(domain))=trim(upper("Login Portal"))),1,0)
|stats sum(Portallogins) as "Portal Logins" by email
|eval Globallogins=if(like (message,"%portal.littler.com/apps/global-guide"),1,0)
|stats sum(Globallogins) as "Global Logins" by email
|join type=left email
[|search index=onelogin_roll role_id{} != null]
|table email,firstname, lastname,company,last_login,"Portal Logins","Global Logins"
|sort company
Any help is greatly appreciated.
↧