I have two different log sources:
ProxyLogs: Contains "ipaddress" and "username"
WebLogs: Contains "IP_address" and a whole lot of other stuff like UserAgent, Time, Branch, HostName, loginname
I have a query that is giving me the following things, which I want:
Time, IP, hostname, UA, loginname, Branch
But my requirement is to look up the individual "ipaddress" from ProxyLogs in the WebLogs and find the matching username (i.e., who that IP belongs to):
Time, IP, hostname, UA, loginname, Branch, username
I have this so far:
sourcetype=WebLogs (**other- logic**)| stats count by Time,IP_address,HostName,UserAgent,loginname,Branch| rename IP_address as IP | rename UserAgent as UA | join IP type=outer [search sourcetype=WebLogs |fields username ipaddress]
But this results in a random user every time I run the search.
Any help will be really appreciated.