Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question
Solved! Jump to solution

Get top 20 countries from Cisco ASA events

madstylex
New Member
โ€Ž02-08-2016 01:12 AM

Hi,

I am searching my Cisco ASA logs to count where an IP originates from by country.

It looks like this:

eventtype= | iplocation src_ip | stats count by Country

It works well to give me a count of all the countries, but I can't get it to give me the top 20 only. I have tried multiple combinations of the 'top' and 'head'

I don't want to just choose 20 results per page as I need to generate reports for this.

Can anyone help me out?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
SplunkTrust
SplunkTrust
โ€Ž02-08-2016 01:37 AM

Try 

eventtype= | iplocation src_ip | stats count by Country|sort 20 - count

View solution in original post

Reply
Solved! Jump to solution
Solution

renjith_nair
SplunkTrust
SplunkTrust
โ€Ž02-08-2016 01:37 AM

Try 

eventtype= | iplocation src_ip | stats count by Country|sort 20 - count

View solution in original post

Reply
Solved! Jump to solution

madstylex
New Member
โ€Ž02-08-2016 06:54 AM

This worked, thanks

0 Karma
Reply
Solved! Jump to solution

javiergn
SplunkTrust
SplunkTrust
โ€Ž02-08-2016 01:33 AM

You can try this instead:

eventtype= | iplocation src_ip | top limit=20 Country
0 Karma
Reply