Hi all, I’m new to Splunk, so forgive my ignorance. We’re currently using Splunk as a SIEM and I’m having trouble getting a search query put together. What I’m looking for is: show me all unique sources that have initiated ICMP traffic. I believe that I’m getting the correct results with the following search string:

index="indexabc" dest_port=0 | stats count by src_ip

The additional information I’m looking for is: “by unique source IP (above), find those that have 10+ unique destination IPs (dest_ip).”
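One way to express the follow-up question in SPL, as an added example that is not part of the original post: it keeps the poster's index and field names (index="indexabc", dest_port=0, src_ip, dest_ip) exactly as given and assumes nothing else about the data. The dest_port=0 filter is the poster's own ICMP test; dc() counts distinct destinations per source, and where keeps only the sources at or above the stated threshold.

```spl
index="indexabc" dest_port=0
| stats dc(dest_ip) AS unique_dests, count AS icmp_events, values(dest_ip) AS dest_ips BY src_ip
| where unique_dests >= 10
| sort -unique_dests
```

The values(dest_ip) column lists which destinations each source reached, which is what an analyst wants when triaging a host that is sweeping a subnet; drop it if the result set is large, since values() is capped per row and adds memory cost. The threshold 10 is the one the poster named and can be tuned per environment. If the index is also hit by scheduled searches, a time-bucketed variant (| bin _time span=1h before the stats) shows whether the fan-out happened in a short burst, which is a better ping-sweep signal than a lifetime count.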