Hi,
I'm looking to write a splunk search that joins consecutive similar events.
The data is of IP Addresses allocation to machine names, so the lines are of the following format:
[Start Time],[End Time],[Hostname],[IP Address]
10:00,10:15,MINE-PC,10.0.0.2
10:15,12:00,MINE-PC,10.0.0.2
12:00,12:45,MINE-PC,10.0.0.5
12:45,13:08,MINE-PC,10.0.0.5
13:08,13:37,MINE-PC,10.0.0.2
I would like to join all consecutive identical IP Addresses so the results should look like:
[Start Time],[End Time],[Hostname],[IP Address]
10:00,12:00,MINE-PC,10.0.0.2
12:00,13:08,MINE-PC,10.0.0.5
13:08,13:37,MINE-PC,10.0.0.2
Could anyone please provide a short search code?
Thanks,
Ori.
... View more