New to the splunk community and still learning the way of searches. In a nutshell i want to do a search against a cisco IPS sensor for top 5 signatures over 24hours. Easy to do but how can i then take that result and say top signature show me the top srcip's. I was thinking that i could pipe the results into another top limit=5 srcip but no luck. Ive even tried doing top limit=1 signature. Thinking something with append maybe?