I want to tracking login and logout users on computers with timebased lookup. I have logon and logoff time for example in timebased-lookup; _time,user,host,type 09:00AM, someuser1, ComptuerA,logon 10:00AM, someuser1, ComputerA,logoff 10:00PM, otheruser2, ComptuerA,logon 11:00PMi otheruser2, ComputerA,logoff and if I do another search with just the account name ı want to see logged user in a timerange. The other raw log is; 09:00AM host=ComptuerA type=infection file=malware.exe for example ; 11:00AM host=ComputerA type=scanning 11:34PM host=ComputerA type=cleaning How do I add username someuser1 only to events between 9 o'clock and 10 o'clock on computerA with timebased-lookup? Thank you for helping.
... View more