I am trying to write a query to detect account sharing among users. I don't know how to execute it.
I have fields called event_data.TargetUserName and event_data.IpAddress, and I would like to search with a query something like:
At 10:00am > [ event_data.TargetUserName = abc , event_data.IpAddress=10.0.0.1 ]
At 10:05am > [ event_data.TargetUserName = abc , event_data.IpAddress=10.0.0.5 ]
There is a possibility of a user having multiple machines, but it could still be useful to track. Maybe IPs in different subnets, reflecting different locations.
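
The detection described in the question, sketched as an added example that is not part of the original post: it groups logon events by `event_data.TargetUserName` and flags any account seen from more than one `event_data.IpAddress` inside a sliding time window, noting whether the addresses fall in different subnets. The `@timestamp` field name, the 10-minute window, the /24 subnet size and the sample events are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network

def _event(ts, user, ip):
    # "@timestamp" is an assumed field name; the event_data fields are from the question.
    return {"@timestamp": ts, "event_data": {"TargetUserName": user, "IpAddress": ip}}

# Constructed sample logon events (not real data).
EVENTS = [
    _event("2024-01-15T10:00:00", "abc", "10.0.0.1"),
    _event("2024-01-15T10:05:00", "abc", "10.0.0.5"),    # same /24, 5 minutes apart
    _event("2024-01-15T10:00:00", "xyz", "10.0.0.7"),
    _event("2024-01-15T10:03:00", "xyz", "10.0.9.20"),   # different /24
    _event("2024-01-15T10:00:00", "solo", "10.0.0.9"),
    _event("2024-01-15T10:02:00", "solo", "10.0.0.9"),   # same IP twice
    _event("2024-01-15T09:00:00", "late", "10.0.1.1"),
    _event("2024-01-15T14:00:00", "late", "10.0.2.1"),   # outside the window
]

def subnet(ip, prefix=24):
    # Treating each /24 as one location is an assumption; adjust to the real network plan.
    return ip_network(f"{ip}/{prefix}", strict=False)

def find_shared_accounts(events, window=timedelta(minutes=10), prefix=24):
    """Return {user: {"ips": set, "cross_subnet": bool}} for users seen from
    more than one IP address within `window`."""
    by_user = defaultdict(list)
    for e in events:
        d = e["event_data"]
        by_user[d["TargetUserName"]].append(
            (datetime.fromisoformat(e["@timestamp"]), d["IpAddress"]))
    findings = {}
    for user, logons in by_user.items():
        logons.sort()
        start = 0
        for end, (ts, _) in enumerate(logons):
            while ts - logons[start][0] > window:   # slide the window forward
                start += 1
            ips = {ip for _, ip in logons[start:end + 1]}
            if len(ips) > 1:
                f = findings.setdefault(user, {"ips": set(), "cross_subnet": False})
                f["ips"] |= ips
                f["cross_subnet"] |= len({subnet(ip, prefix) for ip in ips}) > 1
    return findings

if __name__ == "__main__":
    for user, f in find_shared_accounts(EVENTS).items():
        print(user, sorted(f["ips"]), "cross-subnet" if f["cross_subnet"] else "same subnet")
```

Same-subnet hits such as `abc` are the multiple-machines case mentioned in the question, so the `cross_subnet` flag is the field to sort or alert on first.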