Hello all on Splunk Answers.
I have the following very simple search:
index=*proxy* domain="somedomain.com"
| stats values(url) values(action) values(respcode) count by src_ip
In the events from the proxy I don't have information about the user who accessed the URLs, and I wanted to get this information from Windows-related events
with the following search:
index=*windows* EventCode=4624 Source_Workstation!="-" AND user!="*$"
| stats count by src_ip,user
Is there any solution for adding the user field to the stats table for access to a particular domain?
I thought about using the join or appendcols commands.
Thanks a lot for your help.
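One way to combine the two searches from the question without join or appendcols, as an added example that is not part of the original post: both event sets are pulled in one search and grouped on the shared src_ip field. The output names (user, url, action, respcode, proxy_hits, logon_events) are assumptions chosen for this example; the index patterns and filters are the ones from the question.

```spl
(index=*proxy* domain="somedomain.com")
OR (index=*windows* EventCode=4624 Source_Workstation!="-" user!="*$")
| stats values(user) AS user
        values(url) AS url
        values(action) AS action
        values(respcode) AS respcode
        count(eval(isnotnull(url))) AS proxy_hits
        count(eval(EventCode=4624)) AS logon_events
        by src_ip
| where proxy_hits > 0
| table src_ip user url action respcode proxy_hits logon_events
```

A row with an empty user and logon_events of 0 means no matching 4624 logon was seen for that address in the search window. Where addresses are reassigned (DHCP, VPN pools), keep the time range narrow, since every user who logged on from the same src_ip in the window will be listed against the proxy hits.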