Thank you for answers.
I am sorry that there is little explanation.
Currently only A logs are acquired.
The attached file name is not displayed in the A log, I will try to acquire it from the B log.
* The attached file name is displayed in the B log.
Therefore, compare the message IDs of the A log and B log, and in the same case, want to be able to output the attachment file name of the B log.
Currently the following search sentences are used.
Index = A log logtype = message_log from = "" subject = ""
| 【omitted】
| table subject, count, from
| collect index = xxx source = "yyy" sourcetype = generic_single_line
I would like to add the attached file name to the output result of the search sentence that is finally being used.
I would like to display the attachment file name that is linked to the message ID
... View more