Hey guys,
I have created a subsearch for my firewall log files:
sourcetype="honetnet" [search sourcetype="honetnet" | top limit=10 SPT | fields SPT] | top limit=3 SRC BY SPT
The results I get are what I wanted, whereby I search for the top 10 SPT (source ports) and then search for the top 3 SRC (source IP addresses) for each source port. However, I would like to add one more field (direction) to my search to show the direction of my connection, but I am having difficulties.
Current output:
SPT, SRC, count, percent
New output:
SPT, SRC, direction, count, percent
Any ideas? Thanks a lot!
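Two ways to carry a third field through the "top 3 SRC per SPT" search, as an added SPL example that is not part of the original post. It keeps the poster's sourcetype name "honetnet" and field names SPT, SRC and direction exactly as posted; the field list in the final output is assumed from the "New output" line above.

```spl
/* Variant 1: simplest change. `top` accepts several fields, so ranking (SRC, direction)
   pairs per SPT adds the column directly. Caveat: the top 3 are now the top 3
   SRC+direction combinations, so a source IP seen in both directions has its
   count split across two rows and may drop out of the top 3. */
sourcetype="honetnet"
    [ search sourcetype="honetnet" | top limit=10 SPT | fields SPT ]
| top limit=3 SRC direction BY SPT

/* Variant 2: keep the original ranking (top 3 SRC per SPT by event count) and
   attach direction as a multivalue field, so an IP seen both ways stays on one row.
   percent is recomputed as the share of events for that SPT, which is what
   `top ... BY SPT` reports. */
sourcetype="honetnet"
    [ search sourcetype="honetnet" | top limit=10 SPT | fields SPT ]
| stats count AS count values(direction) AS direction BY SPT SRC
| eventstats sum(count) AS spt_total BY SPT
| eval percent=round(100*count/spt_total, 2)
| sort 0 SPT -count
| streamstats count AS rank BY SPT
| where rank<=3
| fields SPT SRC direction count percent
```

Pick Variant 1 when every source IP uses a single direction for a given port (typical for inbound honeypot traffic), and Variant 2 when the same SRC can appear in both directions and you still want exactly three source IPs per port. In Variant 2, `sort 0` removes the default 10,000-row sort limit and `streamstats count ... BY SPT` numbers the rows within each port so `where rank<=3` keeps the three busiest sources.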