Hello,
I'm trying to show login stats from different sources by user. Those two sources d'on't show user with the same field (Nom_de_l_utilisateur and user).
This search shows "No results". If I display either one or the other it works but not both at the same time.
(source="WinEventLog:Security" "CategoryString=Ouverture/fermeture" "Type=Failure" Type="Failure Audit") OR (source=udp:514 eventtype="failed_login") | regex host!="[QqZzVv][0-9].*" | search NOT "FortiService" | stats count by Nom_de_l_utilisateur,user
Thanks in advance :-)
