Hey all,
I'm trying to build a search where the system takes a look at whether or not two fields match across multiple events, and if they do, perform a historical comparison of another field's value, and if those two values mismatch, give me some way of figuring out if they do. IE a "1" value in a new field, or removing the event from the report I'm generating. Basically, a breakdown is as follows:
If across multiple events, value A & value B = value A & value B, then compare whether or not value C has the same value it did in the last 96 hours. If it does NOT, either a) remove the event from the report, or b) generate a TRUE/FALSE, or maybe a "1" in a new column to be output onto a table.
Hope this makes sense. Anyone that can help would be a huge help, as this would reduce workload massively.
Thanks,