Hello Splunk Answers!
Excuse the rookie question. I have a Splunk instance that is consuming data with events that look like this:
date, domain_accessed, user_visiting_domain, domain_category
I want to create a search where I compare the 'domain_category' on the current day to the same field over a specific period!
For instance, I want the search to list domains that are currently categorised as 'storage' and then search over the previous months for the same domain, but only show those which have NOT been previously categorised as 'storage'.
I.e., I want to identify all 'domains_accessed' where the category has changed from '---' to 'storage' in a given period of time?
Any help gratefully received!
a2368026
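One way to express the comparison described in the question, as an added SPL example that is not part of the original post: it flags each `domain_accessed` that is categorised as 'storage' today but never was in the look-back window. Assumptions: `<your_proxy_index>` is a placeholder for the index holding these events, `_time` is parsed from the `date` field, the look-back is three months, and the category value is exactly the lowercase string `storage`.

```spl
index=<your_proxy_index> earliest=-3mon@d latest=now
| eval period=if(_time >= relative_time(now(), "@d"), "today", "prior")
| eval storage_today=if(period="today" AND domain_category="storage", 1, 0)
| eval storage_prior=if(period="prior" AND domain_category="storage", 1, 0)
| stats max(storage_today) AS storage_today
        max(storage_prior) AS storage_prior
        values(eval(if(period="prior", domain_category, null()))) AS prior_categories
        dc(user_visiting_domain) AS users
        BY domain_accessed
| where storage_today=1 AND storage_prior=0
| table domain_accessed prior_categories users
```

Domains first seen today also match, with `prior_categories` empty; append `AND isnotnull(prior_categories)` to the `where` clause to keep only domains whose category actually changed.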