I've something of a challenge: How to best generate a single event in a summary index that is based on a transaction across four different fields when there is not a 1:1 relationship across all the f...
Scenario:
I am searching email event logs. I can find some of the needed fields by a unique id (UID) and I find some fields by a different unique id (X-UID). Some events contain both UID and X-UID...
When searching for email addresses in our sendmail logs, it helps to see the full transaction by using the queue id (qid) field.
Search command:
sourcetype="sendmail_syslog" | transaction fiel...
So I’m trying to link a couple of different fields together to get the data I’m looking for, but it involves a couple of steps and I'm not sure how to put this subsearch together. I’ve been able to extract fie...
I'm sorry, I am not even sure how to ask this question or whether the subject line really explains what I am after.
I am looking at IronPort logs and have to nest a search in order to get all the ...
I have a multithreaded application that writes out intermingled logs, and I'm having performance issues searching with transactions, so I'm looking for a simpler way to coalesce events.
simplified mylog.l...
I have one set of logs showing authentication which contain time stamps, user names, and IP addresses (source 1). I'd like to leverage that data against a different set of logs where I have timestamp...