IBM Security QRadar


'session' function


    Posted Mon May 31, 2021 02:37 PM
    Hi there,
    Does anyone know how to use the 'session' function in AQL?
    If so can you give me a sample query?

    select "src,dest,user,SessionID" from events
    where devicetype=nnn
    START '2021-04-13 00:00' STOP '2021-04-16 00:00'

    How can I query these events by grouping them by the SessionID?

    i.e. the SessionID is like a transaction ID, e.g. here you see 3 lines with the same SessionID of 1111:

    1111 user login from user Bob
    1111 a change is made
    1111 a file is deleted
    1111 user logs out

    NOTE: the username ONLY is logged in line 1.
    So you need the sessionID to group all the activities to a single user.

    Thanks very much for your help.

    Thanks for your help.

    ------------------------------
    david broggy
    ------------------------------
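The grouping the post asks for, shown outside AQL as a reference for what the result should look like: rows are collected per SessionID in time order and the username from the login line is carried to every other row of that session, so a destructive action with no attributable user stands out. This is an added example, not code from the original post and not a description of how AQL's 'session' function behaves; the sample rows and the `action`/`time` columns are constructed.

```python
from collections import defaultdict

# Constructed sample rows (not from the original post): the columns the poster's
# query selects (src, dest, user, SessionID) plus an action and a timestamp.
# As in the post, only the login line carries the username.
SAMPLE_EVENTS = [
    {"time": "2021-04-13 08:00:01", "src": "10.0.0.5", "dest": "10.0.1.20",
     "user": "Bob", "SessionID": "1111", "action": "user login"},
    {"time": "2021-04-13 08:05:10", "src": "10.0.0.5", "dest": "10.0.1.20",
     "user": None, "SessionID": "1111", "action": "a change is made"},
    {"time": "2021-04-13 08:07:42", "src": "10.0.0.5", "dest": "10.0.1.20",
     "user": None, "SessionID": "1111", "action": "a file is deleted"},
    {"time": "2021-04-13 08:09:00", "src": "10.0.0.5", "dest": "10.0.1.20",
     "user": None, "SessionID": "1111", "action": "user logs out"},
    # Second session whose login line falls outside the query window:
    # no username can be attributed, which is itself worth reporting.
    {"time": "2021-04-13 09:00:00", "src": "10.0.0.9", "dest": "10.0.1.20",
     "user": None, "SessionID": "2222", "action": "a file is deleted"},
]


def group_by_session(events):
    """Group rows by SessionID; rows inside a session are kept in time order."""
    sessions = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        sessions[ev["SessionID"]].append(ev)
    return dict(sessions)


def attribute_user(session_events):
    """Return the username from the first row of the session that carries one."""
    for ev in session_events:
        if ev.get("user"):
            return ev["user"]
    return None  # no login line seen for this session


def session_timeline(events):
    """Map SessionID -> (attributed user or None, ordered list of actions)."""
    return {sid: (attribute_user(evs), [ev["action"] for ev in evs])
            for sid, evs in group_by_session(events).items()}


def unattributed_sessions(events):
    """SessionIDs whose activity could not be tied to any user."""
    return sorted(sid for sid, (user, _) in session_timeline(events).items() if user is None)


if __name__ == "__main__":
    for sid, (user, actions) in session_timeline(SAMPLE_EVENTS).items():
        print(sid, user or "<unknown>", actions)
    print("unattributed:", unattributed_sessions(SAMPLE_EVENTS))
```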