I am new to Splunk and have a very basic search that gives the output below for VPN users:
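
| User | Group | ASA_Device | int_ip | ext_ip | City | Country | time | count |
|---|---|---|---|---|---|---|---|---|
| user1 | rsa | asa1 | x.x.x.x | x.x.x.x | Ottawa | Canada | x:x:x | 1 |
| user2 | cert | asa2 | x.x.x.x | x.x.x.x | Delhi | India | x:x:x | 2 |
| user1 | rsa | asa1 | x.x.x.x | x.x.x.x | Mexico City | Mexico | x:x:x | 1 |
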
I want to set up an alert if user1 or any user connects from a different city and country than their usual location.
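The detection logic behind such an alert, as an added example that is not part of the original post and is not SPL: build a per-user baseline of (City, Country) pairs from past logins, then flag recent logins from a pair the user has never used. The function names, the `min_history` threshold, the reason labels and the sample rows are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample rows in the post's column order (User, City, Country).
BASELINE = ([("user1", "Ottawa", "Canada")] * 4 + [("user1", "Toronto", "Canada")]
            + [("user2", "Delhi", "India")] * 3 + [("user3", "Paris", "France")])
RECENT = [
    ("user1", "Mexico City", "Mexico"),   # never seen for user1
    ("user1", "ottawa ", "Canada"),       # same place, different spelling
    ("user2", "Delhi", "India"),
    ("user3", "Berlin", "Germany"),       # only one baseline login
    ("user4", "Lima", "Peru"),            # no baseline at all
]

def norm(city, country):
    """Normalise case and whitespace so 'ottawa ' and 'Ottawa' compare equal."""
    return (city.strip().lower(), country.strip().lower())

def build_baseline(rows):
    """Count logins per (city, country) for each user in the baseline window."""
    seen = defaultdict(Counter)
    for user, city, country in rows:
        seen[user][norm(city, country)] += 1
    return seen

def find_anomalies(baseline_rows, recent_rows, min_history=3):
    """Return recent logins from a location absent from the user's baseline.

    min_history (an assumed threshold) separates confident alerts from users
    with too few baseline logins to have a meaningful usual location.
    """
    base = build_baseline(baseline_rows)
    alerts = []
    for user, city, country in recent_rows:
        history = base.get(user, Counter())
        if norm(city, country) in history:
            continue                      # known location for this user
        if not history:
            reason, usual = "first_seen_user", None
        else:
            usual = history.most_common(1)[0][0]
            reason = ("new_location" if sum(history.values()) >= min_history
                      else "thin_baseline")
        alerts.append({"user": user, "city": city, "country": country,
                       "reason": reason, "usual": usual})
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(BASELINE, RECENT):
        print(alert)
```

Separating `thin_baseline` and `first_seen_user` from `new_location` lets an alert fire only on users with enough history, which keeps new accounts from flooding the queue.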