Hi All
We're importing our WAF logs into Splunk, and I'd like to create a table to show where traffic is originating, and how it's being actioned. This can be generated from 2 fields -
Country - List of Countries
Action - What action was taken
The issue is, I want to use Action to generate the dynamic columns, and add a couple of additional data points, such as:
Country   Blocked   Allowed   Held   Total Requests   % Blocked
UK        10        80        10     100              10%
IRE
IT
I managed to get a table based upon country and action using
| chart count over country by action
and
| chart count over action by country
But using this method, I don't think it's possible to add the Total Requests or the % Blocked.
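One way to get the layout described in the post, as an added example that is not part of the original post: keep the `chart count over country by action` pivot, then add the row total with `addtotals` and derive the percentage with `eval`. The first four lines only generate constructed sample events (110 made-up rows, with the UK row matching the figures in the post); the action values Blocked, Allowed and Held are assumed from the desired column names.

```spl
| makeresults count=110
| streamstats count AS n
| eval country=case(n<=100, "UK", n<=106, "IRE", true(), "IT")
| eval action=case(n<=10 OR n==107 OR n==108, "Blocked", n>90 AND n<=100, "Held", true(), "Allowed")
| chart count over country by action
| fillnull value=0 Blocked Allowed Held
| addtotals fieldname="Total Requests" Blocked Allowed Held
| eval "% Blocked"=round(Blocked / 'Total Requests' * 100, 1)
| table country Blocked Allowed Held "Total Requests" "% Blocked"
```

Against real WAF data, replace the first four lines with the base search. The `fillnull` step keeps the percentage from evaluating to null for a country that has no events for one of the actions.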