I'm trying to find the number of unique ports accessed by IP's, by count. i.e. IP 8.8.8.8 connected to 5 unique ports. As of right now I am able to see the unique ports connected to by the IP address with the below command.
sourcetype="source_traffic" | stats values(src_port) by dst_ip
Is there a way to count those unique ports and display only that number? I have also tried:
sourcetype="source_traffic" dst_ip="x.x.x.x" | stats count values(src_port) by dst_ip
This one appears to the show a higher count than displayed port numbers.
TIA for any help!
... View more