I am new to Splunk (Enterprise Security) and I am stuck on making a certain correlation search.
An example of the events I get:
1) 1/1/2018 12:00:00 | voltage=200
2) 1/1/2018 12:00:01 | voltage=400
3) 1/1/2018 12:00:02 | voltage=200
4) 1/1/2018 12:00:03 | voltage=200
Is it possible to get the events that are within 1 second of each other where the difference in voltage is more than 100?
So what I mean is that for every combination of events within 1 second I need a check that the difference is more than 100.
So the result needs to be:
- event 1: difference between 1 and 2 in voltage is more than 100
- event 2: difference between 2 and 3 in voltage is more than 100
Can someone help me with this? I have no clue how to solve this one...
Many thanks!
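As an added example (not from the original post, and not Splunk's own code), the detection logic the question describes, run over the four sample events: sort by time, then compare every event with each earlier event that lies within the 1-second window and flag pairs whose absolute voltage difference exceeds 100. The line format, the window and the threshold are taken from the question; everything else is a constructed illustration.

```python
from datetime import datetime

# Constructed sample events, copied from the format shown in the question.
SAMPLE_EVENTS = """1/1/2018 12:00:00 | voltage=200
1/1/2018 12:00:01 | voltage=400
1/1/2018 12:00:02 | voltage=200
1/1/2018 12:00:03 | voltage=200"""


def parse_events(raw):
    """Parse 'M/D/YYYY HH:MM:SS | voltage=N' lines into (timestamp, voltage)
    tuples sorted by time (Splunk returns newest first, so the sort matters)."""
    events = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        ts_part, field_part = line.split("|", 1)
        ts = datetime.strptime(ts_part.strip(), "%m/%d/%Y %H:%M:%S")
        key, value = field_part.strip().split("=", 1)
        if key != "voltage":
            raise ValueError(f"unexpected field {key!r} in line: {line}")
        events.append((ts, float(value)))
    events.sort(key=lambda e: e[0])
    return events


def find_voltage_jumps(events, max_gap_seconds=1.0, min_delta=100.0):
    """For each event, look back at every earlier event within max_gap_seconds
    (not only the immediately preceding one, so bursts of several events per
    second are covered too) and report pairs whose absolute voltage difference
    exceeds min_delta. Indices in the result are 1-based, as in the question."""
    hits = []
    for j in range(1, len(events)):
        ts_j, v_j = events[j]
        i = j - 1
        while i >= 0 and (ts_j - events[i][0]).total_seconds() <= max_gap_seconds:
            ts_i, v_i = events[i]
            delta = abs(v_j - v_i)
            if delta > min_delta:
                hits.append({"first": i + 1, "second": j + 1,
                             "gap_seconds": (ts_j - ts_i).total_seconds(),
                             "delta": delta})
            i -= 1
    return sorted(hits, key=lambda h: (h["first"], h["second"]))


if __name__ == "__main__":
    for hit in find_voltage_jumps(parse_events(SAMPLE_EVENTS)):
        print(f"events {hit['first']} and {hit['second']}: "
              f"difference {hit['delta']:.0f} within {hit['gap_seconds']:.0f} s")
```

On the sample data this reports the pairs (1, 2) and (2, 3); in SPL the same idea is a `sort 0 _time` followed by `streamstats current=f` to pull the previous event's `_time` and `voltage` onto each row, then an `eval` of the two differences and a `where` on the thresholds.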