
Conditional Categorization

Question asked by Joe Gumke on Sep 29, 2017
Latest reply on Oct 4, 2017 by Joe Gumke

How do we properly categorize events with different fields populating needed information to categorize the event?

Sample Log:

2017-09-28 15:14:31.930^^AUDIT^^User Management Service^^samplehost^^Logged in. User's last login date updated^^themountain@westoros^^Login^^SUCCESS

Login and success are parsed as two different fields. How do we categorize events that have multiple values to properly categorize this? This event would be categorized as:

One of the two:

User.Activity.Successful Logins

Auth.Successful
