Hello I'm using splunk to send notifications when cisco vpn account connect now I have to add each account to rule if I want to configure rule when the user contains specific word then splunk send notification how can I do that? now I'm using Device IP Address= x.x.x.x Passed Authentications UserName="firstname1.lastname1.vpn" OR "firstname2.lastname2.vpn" | stats values(UserName) as user by UserName | table UserName vpn attribute is common between users so I want to check if any account.vpn connected then splunk run rule and send me email notification
... View more