I have two indexes.
1 - DNS log with source IP, with _time field
2 - DHCP log with DHCP IP, with _time field
I figured out a way to match the source IP of the DNS log and the source IP of the DHCP log. However, what concerns me is the difference in time between these two indexes. Is there any way to display the table as DNSTIME, DHCP TIME (approximately 5m window difference), DHCPhostname?
I would really appreciate it if anyone could help me with this!