Hi,
that's provided by this:

grep -rin listeningports . | grep output
./SA-EndpointProtection/default/savedsearches.conf:55:search = `listeningports` | table _time,dest,dest_bunit,dest_category,dest_pci_domain,dest_requires_av,dest_should_timesync,dest_should_update,transport,dest_port,transport_dest_port,tag | `filtertags("endpoint")` | `tscollect("sa_listening_ports","true","true")` | stats min(_time) as firstTime,max(_time) as lastTime by dest,dest_port,transport | inputlookup append=T listeningports_tracker | `lower(dest)` | stats min(firstTime) as firstTime,max(lastTime) as lastTime by dest,dest_port,transport | outputlookup listeningports_tracker | stats count

the listeningports macro is:

[listeningports]
definition = tag=listening tag=port | tags outputfield=tag | eval transport=lower(transport) | `get_transport_dest_port`

Do you have data that is tagged that way?