I'm using Splunk to send notifications when a Cisco VPN account connects.
Right now I have to add each account to the rule.
If I want to configure the rule so that Splunk sends a notification when the user contains a specific word, how can I do that?
Now I'm using:
Device IP Address= x.x.x.x Passed Authentications
UserName="firstname1.lastname1.vpn" OR "firstname2.lastname2.vpn"
| stats values(UserName) as user by UserName | table UserName
The vpn attribute is common between users, so I want to check if any account.vpn connected, and then have Splunk run the rule and send me an email notification.