Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Search Help combine with Dashboard

coric
Engager
‎10-01-2021 03:55 AM

Here's my challenge,

I've got multiple same IP with Different Attack_type categories,

I'm trying to combine all the same IP  together and make a chart that shows the Attack_type and just 1 IP

 

Something like this but a dashboard that list out what IP is associated to all the different Attack_type 

 

 

Labels (3)
Labels
Tags (1)
Preview file
13 KB
0 Karma
Reply

jhanvidattani
Path Finder
‎10-02-2021 02:25 AM

@coric 

You can try the below thing to handle this. It will give the latest value of Attack_type for given ip_adddress.

| stats first(Attack_Type) count as Count by ip_address

 If you are using tstats command and Data model, then you can also go for the below thing:

| tstats summariseonly=<keep_it_configurable> latest(<data_model>.Attack_type) from datamodel=<> by <data_model>.ip_address


 If you find my solution fruitful, then an upvote would be appreciated.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...