Hello,
I have a search that will extract a field to a summary index and I want to search that field in a specific index after 5 min
Ex:
index=applications message="Request from suspicious actor*" | fields srcIp | collect index=siem-summary source=example-summary
then 5 min later, I would like to look up that srcIp in network=index
Thanks in advance!
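One way to do the second step, as an added example that is not part of the original post: a search scheduled to run every 5 minutes that pulls the srcIp values written to the summary index during the previous 5-minute window and uses them as a subsearch filter against the network index. It assumes the summary index and field names from the question, and that the network index also carries the field as `srcIp` (if it uses a different name, rename inside the subsearch).

```spl
| comment "Scheduled search, cron */5 * * * *, time range earliest=-5m latest=now"
| comment "Outer search: network events in the last 5 minutes"
index=network earliest=-5m latest=now
    [ search index=siem-summary source=example-summary earliest=-10m latest=-5m
      | dedup srcIp
      | fields srcIp
      | comment "Assumption: the network index names the field srcIp too;"
      | comment "otherwise add: | rename srcIp AS src_ip" ]
| comment "Subsearch output expands to: srcIp=\"a.b.c.d\" OR srcIp=\"e.f.g.h\" ..."
| stats count AS hits, values(dest) AS destinations, min(_time) AS first_seen, max(_time) AS last_seen BY srcIp
| convert ctime(first_seen) ctime(last_seen)
```

The subsearch window (earliest=-10m latest=-5m) is the summary-index slice written by the first search one run earlier, so each scheduled run looks up only the actors collected 5 minutes before; a subsearch is capped at 10,000 results by default, so a very large srcIp list should be moved to a lookup file with `outputlookup` and matched with `lookup` instead.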