Hello
You could try something like:
source="C:\Users\L30814\Desktop\1713.log" http NOT "xxx.xxx.xxx.xxx" | top 10 DestinationIP
But this would filter any event with that IP address, not just "source" addresses.
If you have the field extracted you can do it better with this command:
source="C:\Users\L30814\Desktop\1713.log" http AND c_ip!="xxx.xxx.xxx.xxx" | top 10 DestinationIP
Supposing that your source IP address is extracted in the field c_ip.
Regards
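The difference between the two searches in the answer above, modelled in Python over constructed events (an added example, not part of the original answer and not Splunk's own implementation). It assumes key=value events and uses 10.0.0.5 in place of the masked address. It also shows `NOT c_ip="..."`, which unlike `c_ip!="..."` keeps events where c_ip was never extracted.

```python
import re
from collections import Counter

EXCLUDED = "10.0.0.5"  # constructed stand-in for the masked xxx.xxx.xxx.xxx

# Constructed sample events, not taken from the 1713.log file in the thread.
RAW = [
    "http c_ip=10.0.0.5 DestinationIP=192.0.2.10",  # excluded address is the source
    "http c_ip=10.0.0.7 DestinationIP=10.0.0.5",    # excluded address is the destination
    "http c_ip=10.0.0.8 DestinationIP=10.0.0.5",
    "http c_ip=10.0.0.7 DestinationIP=192.0.2.10",
    "http c_ip=10.0.0.8 DestinationIP=192.0.2.20",
    "http DestinationIP=192.0.2.30",                # c_ip was not extracted
    "ftp c_ip=10.0.0.9 DestinationIP=192.0.2.10",   # no "http" term
]

def parse(raw):
    """Return (terms, fields): simplified term split plus key=value fields."""
    terms = set(re.split(r"[\s=]+", raw))
    fields = dict(re.findall(r"(\w+)=(\S+)", raw))
    return terms, fields

EVENTS = [parse(r) for r in RAW]

def top(events, field, n=10):
    """Count values of `field`, most frequent first, like `| top 10 field`."""
    return Counter(f[field] for _, f in events if field in f).most_common(n)

def keyword_not(ip):
    """http NOT "<ip>": drops every event whose raw text contains the address."""
    return [e for e in EVENTS if "http" in e[0] and ip not in e[0]]

def field_ne(ip):
    """http AND c_ip!="<ip>": c_ip must be present and different."""
    return [e for e in EVENTS
            if "http" in e[0] and "c_ip" in e[1] and e[1]["c_ip"] != ip]

def not_field_eq(ip):
    """http NOT c_ip="<ip>": also keeps events that have no c_ip at all."""
    return [e for e in EVENTS if "http" in e[0] and e[1].get("c_ip") != ip]

if __name__ == "__main__":
    for name, fn in [("keyword NOT", keyword_not), ("c_ip!=", field_ne),
                     ("NOT c_ip=", not_field_eq)]:
        print(f"{name:12} {top(fn(EXCLUDED), 'DestinationIP')}")
```

With the keyword filter the excluded address never appears as a destination, although it is the most frequent destination once only the source field is filtered.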
No problem
You can mark it as "Correct answer" if you think it's correct. Thanks
Thanks a lot!