About ChethanNP

ChethanNP · ‎03-24-2022

Fixed! Thanks for the help Resolution: index=something displayMes="User update password" | where 'actordisplayName'!='targetUser' | table _time user, displayMes, actordisplayName, targetUser outcome.result

ChethanNP · ‎03-23-2022

yes, I did find the results using index=something displayMes="User update password" | table _time user, displayMes, actordisplayName, targetUser outcome.result that is why i wanted to remove where actordisplayName!=targetUser & see but that's not working.

ChethanNP · ‎03-23-2022

I don't see any results when i use "| where actordisplayName!= targetUser", maybe because some or other day between 30 days the actordisplayName would be the targetUser.

ChethanNP · ‎03-23-2022

Hi All, I was working on a case where i have 2 fields extracted as "actordisplayName" & "targetUser" in the same raw log. actordisplayName - who initiated the change, targetUser - to which user it was changed. index=something displayMes="User update password" | where actordisplayName!= targetUser | table _time user, displayMes, actordisplayName, targetUser outcome.result Running this for 30 days Requirement: I need to search only for users where actordisplayName & targetUser is not same. Eg: I want only the results for my admin/someone who has done password reset for me, I don't want the results for me resetting the passwords for my account. In short i need results for where actordisplayName & targetUser is not same.

Posts	4
Solutions	1
Karma Given	1
Karma Received	1
Member Since	‎03-23-2022

Online Status	Offline
Date Last Visited	‎03-24-2022 01:46 AM

How to display the results matching the same field...

Re: How to display the results matching the same f...

Re: How to display the results matching the same f...

Re: How to display the results matching the same f...

How to display the results matching the same field...