I can't imagine this is possible, but Splunk continuously surprises me, so I'll ask:
Is there any way to exclude results, from the same host, + or - 2 seconds from a match
(or N seconds/minutes)?
Example: in the image below, I'd like to exclude the results above and below the match on the IP address 68.x.x.x. (This is just an example; I know I could get to my goal in this case by just showing IP matches and investigating any IPs not on a known-good IP lookup CSV.)
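One way to express the per-host time-window suppression the question describes, written here as an added Python example (not Splunk SPL, and not from the original post): it parses a few constructed log lines, treats a source IP starting with `68.` as the match, and drops every non-matching event from the same host within +/- N seconds of a match while keeping the match itself. The `host timestamp src_ip` line format, the 2-second window and the sample events are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not from the original post): host, ISO timestamp, source IP.
SAMPLE_LOG = """\
web01 2024-01-01T10:00:00 10.0.0.5
web01 2024-01-01T10:00:01 68.1.2.3
web01 2024-01-01T10:00:02 10.0.0.6
web01 2024-01-01T10:00:05 10.0.0.7
web02 2024-01-01T10:00:01 10.0.0.8
web02 2024-01-01T10:00:03 68.9.9.9
web03 2024-01-01T10:00:01 10.0.0.9
"""

LINE_RE = re.compile(r"^(?P<host>\S+) (?P<ts>\S+) (?P<src_ip>\S+)$")


def parse_events(text):
    """Parse 'host timestamp src_ip' lines; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({"host": m["host"],
                       "time": datetime.fromisoformat(m["ts"]),
                       "src_ip": m["src_ip"]})
    return events


def is_match(event):
    # Hypothetical match condition standing in for the "68.x.x.x" search.
    return event["src_ip"].startswith("68.")


def suppress_near_matches(events, window_seconds=2):
    """Keep matching events; drop non-matching events from the same host
    whose timestamp lies within +/- window_seconds of any match on that host.
    Events on hosts with no match are never suppressed."""
    window = timedelta(seconds=window_seconds)
    match_times = {}
    for ev in events:
        if is_match(ev):
            match_times.setdefault(ev["host"], []).append(ev["time"])
    kept = []
    for ev in events:
        near = any(abs(ev["time"] - t) <= window
                   for t in match_times.get(ev["host"], []))
        if is_match(ev) or not near:
            kept.append(ev)
    return kept
```

With the sample above, the two web01 events one second either side of the match are dropped, the web02 event exactly 2 seconds before its match is dropped (the window is inclusive), and the web03 event survives because web03 has no match.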