Fetch VPN user details from one search and use the username to get details like email addresses from another search.
index=## host= ## sourcetype="##" source="#.log" eventtype=# parent session started
| table user host src_ip group
This lists details like:
user host src_ip group
bxxxx.gwwww x.x.x.x x.x.x.x Finance
I would like to add more details to the table like email address of the person and location which i can get from
Full_Legal_Name: Mr.ttt ccc
How do I take the user details from the first search like ( bxxxx.gwwww) and match it to the second search to get the email address and other info?
The only partially matching value between 2 searches is the users name , there are no field matches between both searches.
... View more