Here is what I'm trying to do. Say I have 10 servers being targeted by several public IP addresses. Is there any way to flip the values, instead of having to copy all the 10 internal IP addresses as source and finding all the public IP addresses?
Example query:
index=myfirewall | table srcIP,destIP,action
Output scenario:
100 attacking IPs -> 10 servers
Desired outcomes:
1. 100 src attacking IPs -> 10 destination servers | "flip?"
   10 src server IPs -> 100 destination IP addresses
2. Any internal source IP -> 100 destination attacking IP addresses (without having to copy the entire list)