I am trying to create a search that pulls geographic IP information about the users and shows which server was getting the requests at that location. I have this working completely and showing the host being queried from a location, but I want to rename the output hosts. For example, we have server1, which hosts website1.com, server2, which hosts website2.com, and so on. I would like the geostats graphs to show the "website1.com" tag that I set instead of the host "server1" so it is easier to read for those with no network familiarity.
The code I have right now is as follows:
host="server1" OR host="server2" OR host="server3" OR host="server4" OR host="server5" OR host="server6" OR host="server7" | rex "(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" | where NOT cidrmatch("##.##.#.#/##",src_ip) | iplocation src_ip | geostats count by host