I would like to take the value of a field and see if it is CONTAINED within another field (not exact match). The text is not necessarily always in the beginning. Some examples of what I am trying to match:
Ex: field1=text field2=text@domain
Ex2: field1=text field2=sometext
I'm attempting to search Windows event 4648 for non-matching usernames. We have users with admin accounts that are very close to their unprivileged account names but with a couple characters added.
You can do something like this:
your search | eval result=if(like(field2,"%".field1."%"),"Contained","Not Contained")
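An added example, not part of the original answer: the same `like()` test run over four constructed rows, with both sides lower-cased so a difference in case does not hide a match, and extended with a `relation` field that separates identical names from near matches. The field names `n`, `relation` and `sample_note` and all sample values are assumptions made for illustration.

```spl
| makeresults count=4
| streamstats count AS n
| eval sample_note="constructed rows, not real 4648 events"
| eval field1=case(n=1,"jsmith", n=2,"jsmith", n=3,"JSmith", n=4,"jsmith")
| eval field2=case(n=1,"jsmith-adm@example.test", n=2,"adm_jsmith", n=3,"jsmith", n=4,"bjones-adm")
| eval result=if(like(lower(field2),"%".lower(field1)."%"),"Contained","Not Contained")
| eval relation=case(lower(field1)==lower(field2),"same account", result=="Contained","near match", true(),"unrelated")
| where relation="near match"
| table field1 field2 result relation
```

Rows 1 and 2 remain after the `where`; row 3 is the same name in a different case and row 4 has no overlap. Because `like()` treats `_` and `%` in the pattern as wildcards, a field1 value containing those characters matches more loosely than a literal substring test would.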