I'm trying to run a simple search that shows only specific results and excludes the rest.
The results are coming from our proxy and I only want to show two categories: Malnets or Botnets; however when running the search it populates the results with additional categories (such as Health, Shopping, Technology, etc.). As it's going to be used in a dashboard, I only want to show the two intended categories and exclude the rest.
(I'm fairly new to Splunk so my knowledge is not very vast.)
The search I have so far is:
index=proxy (category="*botnets" OR category="*malnets") | chart count by category | sort -count
I've tried searching around and trying a few other commands (like useother) but can't seem to get it to work out how I want it.
Thanks in advance for any help.
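One way to guarantee that only the two intended rows reach the dashboard panel, as an added example that is not part of the original post: keep the event-level filter, then apply a second `search` after `chart`, so that any extra category values that slip past the first filter (for example because the field carries more than one value per event) are dropped from the charted rows before sorting. The index and field names are taken from the question; the event filter assumes the category values end in "botnets" or "malnets" as the original search does.

```spl
index=proxy (category="*botnets" OR category="*malnets")
| chart count by category
| search category="*botnets" OR category="*malnets"
| sort -count
```

The second `search` acts on the rows produced by `chart`, where `category` is a single value per row, so only the Botnets and Malnets rows survive regardless of what other categories appeared on the matching events.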