Actually the scenario is, whenever anyone gets any weblink in email, I want to check that that link is tried access or not.
I am getting the web link from teh first search mimecast_for_splunk URL=*
the result for this search could be anything, whatever we get from outside.
but want to compare this result with my web logs i.e. sourcetype="pan:threat" URL=*
now I need the URL that are matching in both the log sources.
hope this explains
... View more