Example:
Fetch VPN user details from one search and use the username to get details like email addresses from another search.
index=## host= ## sourcetype="##" source="#.log" eventtype=# parent session started
| table user host src_ip group
This lists details like:
user host src_ip group
bxxxx.gwwww x.x.x.x x.x.x.x Finance
I would like to add more details to the table like email address of the person and location which i can get from
index=@@ sourcetype=@@
Company: xyz
Employee_ID: aaa
Full_Legal_Name: Mr.ttt ccc
Future_Termination_TF: 0
Location: ddd
Primary_Work_Email: bxxxx.gwwww@xyz.com
How do I take the user details from the first search like ( bxxxx.gwwww) and match it to the second search to get the email address and other info?
The only partially matching value between 2 searches is the users name , there are no field matches between both searches.
... View more