Hi Splunk Gurus,
I would like to know if this is possible.
Scenario: I have a webhook alert named Onboarding
The output of that search has a field called Usernames1 which has 1000 entries.
I want to set up a new Alert called Leaving and it will have it's own search which outputs another set data into a field called Usernames2
My problem: I want the Alert Leaving to compare it's field Username2 to Alert Onboarding field Usernames1 AND if there is a match, output the matching results to new field called match
A bit on the complex side but can that be done? Please help with syntax.