Here is what the code looks like separate,
(my search) | stats sum(bytes) by src_ip | sort 5 -bytes
and
(my search) | stats sum(bytes) by dst_ip | sort 5 -bytes
I basically want to merge both of these outputs onto one graph so I don't have two separate graphs, (for space sake)
I have tried a combination of filters, append, appendcol, streamstats and I have had no luck yet.
Thanks for any/all help
Just in case you're still interested in that panel, try this
(your base search) | eval IPAddr=src_ip." ".dst_ip | makemv IPAddr | stats sum(bytes) as Bytes by IPAddr
(my search) | stats sum(bytes) as sum_bytes_src_ip by src_ip | sort 5 -bytes
| appendcols [search (my search) | stats sum(bytes) as sum_bytes_dst_ip by dst_ip | sort 5 -bytes ]
|table sum_bytes_src_ip src_ip sum_bytes_dst_ip dst_ip
or
(my search) | streamstats sum(bytes) as sum_bytes_src_ip by src_ip| appendcols [search (my search)
| streamstats sum(bytes) as sum_bytes_dst_ip by dst_ip]
|table sum_bytes_src_ip src_ip sum_bytes_dst_ip dst_ip
(my search) |stats sum(bytes) as Bytes by src_ip,dst_ip
Thanks,
Raghav
Thanks for your help, fdi01 and Raghav2384. I have attempted both of your solutions and couldn't reach the desired outcome I was looking for. So thusly I have decided to scrap this panel in favor of a different one. I would like to thank you both for your help though, it was much appreciated.