I'm doing a username search and I want two fields in my results table to be the time the user started the connection and also when they disconnected the session to the network. What is this information classified as, and what field would it be called?
Thanks
Happy splunking
Blake
I'm searching sys logs on a Windows system... I've also read through the documentation text with no success so far. I want to show a connection start and end time in a form search results field.
???????????????
The problem is there is not enough information to help you with your question. What type of system are they connecting to? Unix, Windows...
Also have you had a chance to go through the knowledgebase?
http://www.splunk.com/base/Documentation/latest/User/HowSearchCommandsWork
http://www.splunk.com/base/Documentation/4.1.3/Knowledge/Aboutfields
http://www.splunk.com/base/Documentation/latest/User/SearchExamples
Here are a few that may help.
Travis.
What sourcetype are you searching?
So people will click minus one but can't answer a simple question. This site really is disappointing me.