How to get connected VPN users

Hi,

I am new to ELK and cannot find a good way to do the following (nor the keywords to search the documentation...):

I have an index with my ASA VPN logs.

When a user connects we get a "login" log, and a "logout" log when they disconnect.

I am trying to make a query to get all connected users.

It seems to me that I need to build a query looking for the "login" logs where there are no "logout" logs afterward yet.
(The ID to identify each log would be the username & IP of the user.)

Is it possible to build such a query with Elasticsearch?

I would really appreciate it if someone could tell me in what direction to look in the documentation.

Best Regards,
Jérôme

See List the active users using login and logged out events
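
The rule described in the question ("login" with no later "logout" for the same username & IP) comes down to keeping only the latest event per key. The sketch below is an added example, not code from the thread or from Elastic; it runs over constructed events, and the field names `ts`, `user`, `ip` and `action` are assumptions, not the ASA index mapping.

```python
from datetime import datetime

# Constructed sample events (not real ASA logs); field names are assumptions.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T08:00:00", "user": "alice", "ip": "198.51.100.10", "action": "login"},
    {"ts": "2024-05-01T08:05:00", "user": "bob", "ip": "198.51.100.20", "action": "login"},
    {"ts": "2024-05-01T08:10:00", "user": "bob", "ip": "203.0.113.77", "action": "login"},
    {"ts": "2024-05-01T08:40:00", "user": "bob", "ip": "203.0.113.77", "action": "logout"},
    {"ts": "2024-05-01T09:00:00", "user": "alice", "ip": "198.51.100.10", "action": "logout"},
    # Reconnect: a new login after the logout makes the session active again.
    {"ts": "2024-05-01T09:30:00", "user": "alice", "ip": "198.51.100.10", "action": "login"},
    # Logout whose login falls outside the searched window: never "connected".
    {"ts": "2024-05-01T10:00:00", "user": "carol", "ip": "203.0.113.5", "action": "logout"},
    # Older logout delivered late: must not override bob's 08:05 login.
    {"ts": "2024-05-01T07:00:00", "user": "bob", "ip": "198.51.100.20", "action": "logout"},
]


def connected_users(events, as_of=None):
    """Return {(user, ip): login_time} for keys whose latest event is a login.

    as_of (datetime, optional) ignores later events, which answers
    "who was connected at time T" during an investigation.
    """
    latest = {}  # (user, ip) -> (timestamp, action) of the newest event seen
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if as_of is not None and ts > as_of:
            continue
        key = (ev["user"], ev["ip"])
        # Compare timestamps instead of trusting arrival order.
        if key not in latest or ts >= latest[key][0]:
            latest[key] = (ts, ev["action"])
    return {k: ts for k, (ts, action) in latest.items() if action == "login"}


if __name__ == "__main__":
    for (user, ip), since in sorted(connected_users(SAMPLE_EVENTS).items()):
        print(f"{user} from {ip} connected since {since.isoformat()}")
```

A key whose login is older than the time range being searched is invisible to this rule, so the window has to be at least as long as the longest session allowed.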
