any body advise me why the below query is not showing the the IP's whereas I am sure that there are some IP's who are bluecoat logs but not in websense logs:
index=websense sourcetype=websense src NOT [search index=bcoat sourcetype="bluecoat:proxysg:access:file" | fields src ]
↧