Hi,
I'm using splunk for caching the log and reporting, now I need to query in splunk for user action and generate a report. My case will be showed as following
I had several events in a log like :
e1: [email1@test.com] Login system with username:email1
e2: [email1@test.com] Read articleId:art1
e3: [email1@test.com] Read articleId:art2
e4: [anotheremail1@test.com] Login system with username:email2
Now I want to list all actions made by user who read article with articleId is art1. Which search statement can help me?