Channel: Questions in topic: "splunk-enterprise"

Compare results from day to day

Let's assume I have data structured like this:

| timestamp | user | action |
|---|---|---|
| 2019-09-10 13:40 | user1 | action1 |
| 2019-09-10 12:40 | user2 | action2 |
| 2019-09-09 12:40 | user3 | action3 |
| 2019-09-09 13:40 | user1 | action1 |
| 2019-09-09 12:40 | user3 | action4 |
| 2019-09-09 11:40 | user1 | action1 |
| 2019-09-09 09:40 | user2 | action2 |

Now, I would like to search for events where users have performed the same actions. In this case, I would like to have these events in my search:

| timestamp | user | action |
|---|---|---|
| 2019-09-10 13:40 | user1 | action1 |
| 2019-09-09 13:40 | user1 | action1 |
| 2019-09-09 11:40 | user1 | action1 |
| 2019-09-10 12:40 | user2 | action2 |
| 2019-09-09 09:40 | user2 | action2 |

I tried subsearches and selfjoin, but to no avail. In what direction should I look?
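One direction that avoids subsearches and joins entirely, given here as an added example rather than anything from the original question: use `eventstats` to annotate every raw event with the number of events that share the same `(user, action)` pair, then keep only the events whose pair occurs more than once. Unlike `stats`, `eventstats` does not collapse the events, so the individual timestamps survive. The `index` and `sourcetype` values are assumptions; substitute the ones that hold the data.

```spl
index=main sourcetype=user_actions
| eventstats count AS occurrences BY user action
| where occurrences > 1
| table _time user action
| sort user -_time
```

Against the sample data this returns the three user1/action1 events and the two user2/action2 events, and drops user3, whose actions each appear once. If "day to day" matters more than raw repetition (the same action on the same day should not count), replace the count with a distinct count of the calendar day: `| eval day=strftime(_time, "%Y-%m-%d") | eventstats dc(day) AS days_seen BY user action | where days_seen > 1`. On this data both variants give the same result, since every repeated pair spans both days, but they diverge as soon as a user repeats an action within a single day only. From a monitoring standpoint, the `dc(day)` form is usually the one you want for "recurring behaviour" questions, while the plain count catches bursts as well.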
