Hi guys,
Apologies for the long-winded title! I'm struggling to extract a common value from two indexes and get out any meaningful data. I have two products on our network that both include the IP address of a user's device. I would like to match the IP address in two separate events and combine them into one result. The tricky part is that the timestamps are not identical. An example:
Index=Red (Timestamp 11:00am)
userName=Bob Jones, userIP=192.168.2.12, userPass=true
Index=Blue (Timestamp 11:02:04)
NAME:bob.jones,IPADD:192.168.2.12,EventID:4682672
...
I would like the result to be formatted something like this:
Time Name IP EventID userPass
...
I'd be grateful if anybody could point me in the right direction. I have an ok-to-good understanding of RegEx but I've tried creating a common field and it never works as expected.
Thank you for any help you can provide!
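One way to do the correlation described in the post, as an added example that is not part of the original post: extract the IP from both event formats into one common field, then group events that share it within a short time window. The field names `red_name`, `red_ip`, `blue_name`, `blue_ip`, the regular expressions (written against the two sample events shown above) and the five-minute window are assumptions.

```spl
(index=Red OR index=Blue)
| rex field=_raw "userName=(?<red_name>[^,]+)"
| rex field=_raw "userIP=(?<red_ip>[^,\s]+)"
| rex field=_raw "userPass=(?<userPass>[^,\s]+)"
| rex field=_raw "NAME:(?<blue_name>[^,]+)"
| rex field=_raw "IPADD:(?<blue_ip>[^,\s]+)"
| rex field=_raw "EventID:(?<EventID>\d+)"
| eval IP=coalesce(red_ip, blue_ip)
| eval Name=lower(replace(coalesce(red_name, blue_name), " ", "."))
| transaction IP maxspan=5m
| where eventcount > 1
| table _time Name IP EventID userPass
```

`transaction` keeps the timestamp of the earliest event in each group, and the `where eventcount > 1` line drops IPs that appeared in only one of the two indexes inside the window.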