Hello,
I have a device that sends its logs in multiple lines. It's an authentication device, and for one authentication, it sends about 10 logs, all containing a field that is like a session reference.
I would like to create a graph with the failed authentications that are present in the logs, but to do so, I have to correlate 2 log lines (the one containing the username, and the other one containing the message "Sent failure response").
The 2 fields are CN for the username and response_type for the message that is returned by the device.
The one field that is present on both logs is an otp code simply named otp.
I have tried different approaches, but every time, I get more information than I need in my final table or not as much as I want on a pie chart.
Can anyone tell me how to correlate 2 fields across the same index on 2 different logs with one field in common, please?
Thank you in advance
Mael