Hi,
I'm looking to write a Splunk search that joins consecutive similar events. The data is of IP address allocations to machine names, so the lines are of the following format:
[Start Time],[End Time],[Hostname],[IP Address]
10:00,10:15,MINE-PC,10.0.0.2
10:15,12:00,MINE-PC,10.0.0.2
12:00,12:45,MINE-PC,10.0.0.5
12:45,13:08,MINE-PC,10.0.0.5
13:08,13:37,MINE-PC,10.0.0.2
I would like to join all consecutive identical IP Addresses so the results should look like:
[Start Time],[End Time],[Hostname],[IP Address]
10:00,12:00,MINE-PC,10.0.0.2
12:00,13:08,MINE-PC,10.0.0.5
13:08,13:37,MINE-PC,10.0.0.2
Could anyone please provide a short search code?
Thanks, Ori.
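
One way to build the search asked for above, as an added example that is not part of the original post: flag each event whose IP differs from the previous event for the same host, turn the running count of flags into a run number, and collapse each run. The index, sourcetype and field names (`dhcp_leases`, `ip_alloc`, `start_time`, `end_time`, `hostname`, `ip`) are assumptions, as is the premise that `start_time` sorts correctly as text (zero-padded times within one day).

```spl
index=dhcp_leases sourcetype=ip_alloc
| fields start_time end_time hostname ip
| sort 0 hostname start_time
| streamstats current=f last(ip) as prev_ip by hostname
| eval new_run=if(isnull(prev_ip) OR ip!=prev_ip, 1, 0)
| streamstats sum(new_run) as run_id by hostname
| stats first(start_time) as start_time last(end_time) as end_time by hostname run_id ip
| sort 0 hostname start_time
| table start_time end_time hostname ip
```

Grouping on `run_id` rather than on `ip` alone is what keeps the 10:00 to 12:00 and 13:08 to 13:37 allocations of 10.0.0.2 as separate rows, since the address returns after a different one was in use.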