Is there a Splunk search idiom that I can use to get all the events in a dataset whenever a particular field value ***A*** changes over time with respect to another field value ***B***?
For example, if I have a dataset of users and their availability statuses, how can I get all the events (times) for when each user's status changes:
> t1 Bob available
> t2 Bob available
> t3 Bob busy
> t4 Bob busy
> t5 Bob busy
> t6 Bob available
Is there a search result that will just return the events at ***t1, t3, and t6***?
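One common way to express this kind of change detection in SPL, shown as an added example that is not part of the original post: `streamstats` carries each user's previous status forward, and `where` keeps only the events where the status differs from it. The field names `user` and `status` are assumptions, and the six events are constructed with `makeresults` to mirror t1 through t6 above.

```spl
| makeresults count=6
| streamstats count as n
``` Constructed sample data: one event per minute for user Bob ```
| eval _time = relative_time(now(), "@d") + n * 60
| eval user = "Bob"
| eval status = case(n <= 2, "available", n <= 5, "busy", true(), "available")
``` Order oldest-first per user so "previous" means earlier in time ```
| sort 0 user _time
``` current=f window=1 yields the status of the event just before this one, per user ```
| streamstats current=f window=1 last(status) as prev_status by user
``` Keep the first event for each user and every event where the status changed ```
| where isnull(prev_status) OR status != prev_status
| table _time user status prev_status
```

Against real data, replace the `makeresults` and `eval` lines with the base search. The `sort 0 user _time` step matters because Splunk returns events newest-first by default, and `0` lifts the default result limit of `sort`.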