Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Search Help combine with Dashboard

coric
Engager
‎10-01-2021 03:55 AM

Here's my challenge,

I've got multiple same IP with Different Attack_type categories,

I'm trying to combine all the same IP  together and make a chart that shows the Attack_type and just 1 IP

 

Something like this but a dashboard that list out what IP is associated to all the different Attack_type 

 

 

Labels (3)
Labels
Tags (1)
Preview file
13 KB
0 Karma
Reply

jhanvidattani
Path Finder
‎10-02-2021 02:25 AM

@coric 

You can try the below thing to handle this. It will give the latest value of Attack_type for given ip_adddress.

| stats first(Attack_Type) count as Count by ip_address

 If you are using tstats command and Data model, then you can also go for the below thing:

| tstats summariseonly=<keep_it_configurable> latest(<data_model>.Attack_type) from datamodel=<> by <data_model>.ip_address


 If you find my solution fruitful, then an upvote would be appreciated.

0 Karma
Reply
Get Updates on the Splunk Community!

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

Splunk New Course Releases for a Changing World

Every day, the world feels like it’s moving faster with new technological breakthroughs, AI innovation, and ...