When I search my results I want it to update the field accordingly.
For example in my case when i search my Audit logs , The log contains the words "write control" and "Read control" within the text of the log but the field is set to Read Control instead of Write.
So if the log contains the word Write i want it to replace the field Accesses to Write instead of Read.
This is the search I am using
EventCode="5145" NOT Relative_Target_Name="Desktop.ini" NOT Share_Name="\*IPC$" NOT Relative_Target_Name="\" | table Account_Name,Accesses, Share_Name,Relative_Target_Name,Da_te,Ti_me,AM_PM
Any help with this will be great...