Solved: searching changes in the specified field

rsathish47 · ‎04-22-2014

Hi All,

I have search which runs every four hours collecting the mailbox details. i need to alert or notify if any change in the specified field

Event @ 0
MailboxA CA=1 CA2=3
.
.
MailboxZ CA=2 CA2=3

Event @ 4
MailboxA CA=3 CA2=3
.
.
MailboxZ CA=2 CA2=3

Answer:

MailboxA changed CA1 vlaued 1 to 3

Please let me know how to perform this

MuS · ‎04-23-2014

Hi rsathish47,

try something like this:

YourBaseSearchHere | streamstats current=f last(CA) as last_CA by Mailbox | where CA!=last_CA | ...

this assumes that you have a mailbox field extracted that represents MailboxA and/or MailboxZ

hops the helps to get you started ...

cheers, MuS

MuS · ‎04-23-2014

Hi rsathish47,

try something like this:

YourBaseSearchHere | streamstats current=f last(CA) as last_CA by Mailbox | where CA!=last_CA | ...

this assumes that you have a mailbox field extracted that represents MailboxA and/or MailboxZ

hops the helps to get you started ...

cheers, MuS

rsathish47 · ‎04-25-2014

Thanks Buddy .. it works 🙂 🙂

searching changes in the specified field