×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
DLThurston
Observer
Member since: ‎02-12-2021
‎02-12-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-12-2021
Activity Feed
View All

Re: Finding Events Between Other Events

by in Splunk Search
‎02-12-2021 06:55 AM
‎02-12-2021 06:55 AM
Unfortunately no. What I'm basically attempting to do is create sessions where none exist within a text-based log that shows login/logout events, but where the actions in between are not tied to a session or to a user account. Fun, right? ... View more

Finding Events Between Other Events

by in Splunk Search
‎02-12-2021 06:06 AM
‎02-12-2021 06:06 AM
I might be confusing myself by making this harder than it is... Say I have a log where the events are: LOGIN ACTION (1) ACTION (2) LOGOUT LOGIN ACTION (3) ACTION (4) ACTION (5) LOGOUT What I would like is to be able to display all the ACTION events that happened between just the first LOGIN/LOGOUT pair and output: ACTION (1) ACTION (2) This is in a dashboard, and I've got dropdowns to identify each unique LOGIN event, those are working just fine. I tried a transaction, but I think that might be the wrong tool for the job, and I'm worried I got too fixated on that and am now missing the forest for the trees. What I want is all ACTION events bounded by the selected LOGIN and the next subsequent LOGOUT. So in terms of metacode I want something along the lines of... | search ACTION earliest=LOGIN._time latest=LOGOUT._time Does that make sense? Am I approaching this from the wrong direction? Or is this just a bit of search code I haven't figured out? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-12-2021 10:40 AM