×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
deathbyearthwor
Explorer
Member since: ‎10-10-2016
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎10-10-2016
Activity Feed
View All

Re: How to show Value and Count in a subsearch?

by in Splunk Search
‎10-11-2016 10:22 AM
1 Karma
‎10-11-2016 10:22 AM
1 Karma
That did it! Thank you very much. I must say I really like the community here. ... View more

Re: How to show Value and Count in a subsearch?

by in Splunk Search
‎10-11-2016 10:06 AM
‎10-11-2016 10:06 AM
That looks like it combined the IP and the port into one string and each column is a single IP:Port pair. I'd like each column to be a single ip but a stacked graph showing a breakdown of each port by the IP address. Thanks for your help. ... View more

Re: How to show Value and Count in a subsearch?

by in Splunk Search
‎10-11-2016 09:35 AM
‎10-11-2016 09:35 AM
That worked perfectly! Now it doesn't show the data on the column chart like I'd want to. If I tell it to stack with that data it stacks the port number itself and then the count. I want the port numbers to be in the legend of the graph but not treat it as a number to add to the graph. ... View more

How to show Value and Count in a subsearch?

by in Splunk Search
‎10-10-2016 10:12 PM
‎10-10-2016 10:12 PM
My goal is to look at firewall data and pull the top 10 Blocked IPs along with the incoming ports they were hitting. So I want the IP, then all ports on that IP, and the count of the ports. Here is what I have so far host=10.2.2.1 filterlog [search host=10.2.2.1 filterlog | top Source_IP | table Source_IP] | stats values(Source_IP) as IP, values(Destination_Port) as Ports by Source_IP | table IP, Ports It works for IP with a list of ports but I cannot get a count of the ports. Here is what it spits out IP Port 10.2.2.183 443 80 993 10.2.2.22 443 80 112.138.14.244 51413 119.247.54.238 51413 120.75.230.2 51413 178.93.32.248 51413 180.127.81.72 51413 36.228.5.180 51413 And I want something more like this IP Port Count 10.2.2.183 443 22 80 25 993 148 10.2.2.22 443 7486 80 454545 112.138.14.244 51413 14 119.247.54.238 51413 54 120.75.230.2 51413 11 178.93.32.248 51413 1 180.127.81.72 51413 45 36.228.5.180 51413 454 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All