I need to achieve the below and would appreciate the community's help.
I have messages coming in from a firewall in a stream, assume STREAM-FW, and I am only interested when the field has “sourceUserName”; else all the messages should be dropped. [I can drop the messages which match certain but how do I drop everything except…]
That is the first requirement. Now, on the same front, I have another stream, STREAM-DNS, where I am parsing those, and it has the field “clientipaddr”. Now, I need to find out the username associated with the clientipaddr which is appearing in STREAM-FW.
Can someone please help me with the pipeline?