https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62225#M15381 <P>Im sorry if you couldn't understand me</P> <P>I mean I want to do a report that tell me who attack me and which ip, things like that, but I have no idea how to group these events.</P> Mon, 17 Sep 2012 21:12:16 GMT graidelak 2012-09-17T21:12:16Z https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62223#M15379 <P>Hi I want to know how can i group my log from my firewall by source ip, or dest_ip or type, because i want to make a report that show me the attack or events by groups.</P> <P>Maybe is a stupid question but im just newbie using splunk and i want to learn how can i do that.</P> <P>Thank you</P> Mon, 17 Sep 2012 20:38:03 GMT https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62223#M15379 graidelak 2012-09-17T20:38:03Z https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62224#M15380 <P>I am not sure I understand the question</P> <P>If you want statistics then take a look <A href="http://splunk-base.splunk.com/answers/58911/show-column-as-count?page=1&amp;focusedAnswerId=58942#58942">here</A>:</P> <P>If you want these combined together, perhaps the <A href="http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Transaction">transaction search cmd</A></P> Mon, 17 Sep 2012 20:50:03 GMT https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62224#M15380 melting 2012-09-17T20:50:03Z https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62225#M15381 <P>Im sorry if you couldn't understand me</P> <P>I mean I want to do a report that tell me who attack me and which ip, things like that, but I have no idea how to group these events.</P> Mon, 17 Sep 2012 21:12:16 GMT https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62225#M15381 graidelak 2012-09-17T21:12:16Z https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62226#M15382 <P>Did you take the Splunk tutorial? It's a great way to get past the "I'm very new to Splunk" phase.</P> Mon, 17 Sep 2012 21:16:02 GMT https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62226#M15382 Ayn 2012-09-17T21:16:02Z https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62227#M15383 <P>Yeah I did but I can't group those events. Let me see if I can explain better.</P> <P>I want to see my firewall log (watchguard) and make some search by src_ip or dest_ip and then a report to see how many deny, attack, or error i had. </P> <P>I saw many apps for firewall but i didn't see one for watchguard firebox</P> Mon, 28 Sep 2020 12:27:20 GMT https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62227#M15383 graidelak 2020-09-28T12:27:20Z https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62228#M15384 <P>You'd need to create fields out of your logs (covered in the tutorial, tl;dr: use the interactive field extractor in splunkweb), and then grab stats on the fields you mention (also covered in the tutorial). If you want to create a search form that only requires you to input an IP number and automatically get charts, tables etc, have a look at the "Build forms" section of the developer manual).</P> Mon, 17 Sep 2012 21:55:38 GMT https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62228#M15384 Ayn 2012-09-17T21:55:38Z https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62229#M15385 <P>query | chart by host</P> <P>by important part being "by host"</P> Mon, 17 Sep 2012 22:01:27 GMT https://community.splunk.com/t5/Splunk-Search/How-do-i-group-the-log-for-ip-or-type/m-p/62229#M15385 rogerdpack 2012-09-17T22:01:27Z