Hi ,
I have this query :
sourcetype= Filed=X [search sourcetype= Filed=X | iplocation IPAddress | stats dc(Country) AS Multiple_Country_login by Username | where Multiple_Country_login > 1 | table Username ] | iplocation IPAddress | dedup UserAgent | table Username, UserAgent , IPAddress| stats count by Username | where count > 1
which obviously shows me the stats of the usernames with the count where the count is bigger than 1.
but, i want now to print also the UserAgent AND IPAddress to all those Usernames.
is this possible ? if so, how can i do it ?
Thanks Guys.
... View more