Hi, I searched the Splunk documentation and found that I can't use the table command; I must use chart, timechart, stats, and top...
HTTP://docs.splunk.com/Documentation/Splunk/5.0.8/Knowledge/Manageacceleratedsearchsummaries
I modified the search, but it always stays at 0%...
index=xxx
| fillnull value="SSL" attack
| eval bandwidth=rcvdbyte+sentbyte
| eval bandwidthMB = round(bandwidth/1024/1024,2)
| strcat " " time " " as Date
| eval n = coalesce(hostname, host_name)
| strcat " " n url " " as weburl
| stats sum(bandwidthMB) as bandwidthMB values(srcip) as srcip values(attack) as app earliest(Date) as FirstDate latest(Date) as LastDate values(weburl) as weburl by dstip