Hello everyone,
I have been looking for an answer all over the forum and documentation, but it still won't work..
I have 2 differents fields: host="server1" OR sourcetype="ws.log"
They produce logs that have nothing in common, but some happens at the same moment on both servers. I want to display only these logs.
example:
all the logs:
log5 from server1 at 16:56:30
log4 from ws.log at 15:35:45
log3 from server1 at 15:35:45
log2 from ws.log at 12:44:23
log1 from ws.log at 11:43:55
display:
log4 from ws.log at 15:35:45
log3 from server1 at 15:35:45
Thank you for your help!
Kind regards
... View more