Multiple Selected users with Multiple selected Event ID alert

Ahamed Fasudeen

Hi Team, i'm new to Sumo logic

I need a search string for "Multiple Selected users with Multiple selected Event ID alert".

I.e.

_sourceCategory=windows/domain _sourceName=Security| parse "EventCode = *;" as event_id| where event_id=4726

In this i need alert only for selected users (ABC, XYZ, 123) and selected Event ID (4726, 4725) etc...

0 comments

Please sign in to leave a comment.