Hi everybody,
I am new to Splunk. I have a question about Splunk query.
Here are some sample logs (timestamp ordered) which record users' success attempts and failure attempts:
TimeStamp UserName Status
t7 UserA success
t6 UserA failure
t5 UserB success
t4 UserC failure
t3 UserC success
t2 UserD failure
t1 UserE success
My question is what should the query like if I want to find out users whose first attempt failed and then second attempt succeeded? .
Thanks.
... View more