Hi, I need to match events across different logs. I believe that this should be done using transactions, but I'm not able to get it to work. My scenario is as follows:
Log A: has info about users logging into System A
Log B: has info about users logging into System B
If a user appears in one, it should have a companion entry in the other.
I need to find all users that logged to one, but not the other.
Individually, I can find users in each log by doing a simple:
search index=indexA userName
but I can't find a way of saying "once you find it in indexA, look for it in indexB, and alert me if you can't"
Any advice is greatly appreciate.
... View more