Hi guys,
I have two indexes with two different types of syslogs. Both logs contain a common field (username) and I would like to be able to pair them up to form a single event/result.
Could someone please advise the best way to approach this task? I assume I would need to form a common field between the two event types but how would I then display the common field alongside independent fields from both indexes?
I hope that makes sense, struggled to explain that one!
Thank you!
↧