Hi everybody,
I am new to Splunk. I have a question about a Splunk query.
Here are some sample logs (timestamp ordered) which record users' success attempts and failure attempts:
TimeStamp  UserName  Status
t7         UserA     success
t6         UserA     failure
t5         UserB     success
t4         UserC     failure
t3         UserC     success
t2         UserD     failure
t1         UserE     success
My question is: what should the query look like if I want to find users whose first attempt failed and whose second attempt then succeeded?
Thanks.
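
One way to express the search described in the question, as an added example that is not part of the original post: it rebuilds the seven sample events with `makeresults`, numbers each user's attempts in time order, and keeps users whose first two attempts are failure followed by success. The one-minute spacing standing in for t1..t7 and the helper fields `n`, `attempt_no` and `first_two` are constructed for illustration; `UserName` and `Status` are the field names from the post.

```spl
| makeresults count=7
| streamstats count AS n
| eval _time = now() - (7 - n) * 60
| eval UserName = case(n=1, "UserE", n=2, "UserD", n=3, "UserC", n=4, "UserC", n=5, "UserB", n=6, "UserA", n=7, "UserA")
| eval Status = case(n=1, "success", n=2, "failure", n=3, "success", n=4, "failure", n=5, "success", n=6, "failure", n=7, "success")
| sort 0 UserName _time
| streamstats count AS attempt_no BY UserName
| where attempt_no <= 2
| stats list(Status) AS first_two BY UserName
| where mvcount(first_two) = 2 AND mvindex(first_two, 0) = "failure" AND mvindex(first_two, 1) = "success"
| table UserName first_two
```

On the sample data this returns only UserA; UserC is excluded because its success came before its failure, and users with a single attempt are dropped by the `mvcount` check. Against real data, replace the first five lines with the base search that returns the login events.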