Hello @yuanliu,

1. The reason for not mentioning src as the source IP is that it is very clear from what I mentioned in the query against the "src" field. There is no other field that could possibly indicate the source IP, so there is no doubt about which source IP field is meant.

2. I clearly mentioned that the result is giving me duplicate entries for source IPs (src), which I would want as unique results of src. To further elaborate, I want all the fields for analysis (highlighted in the question) but grouped by source IP (src) so that I get unique source IP addresses. Thus, my question was how I can achieve that and what changes should be made to the query for such an advanced query.

3. The point about making sure that the extra fields are dependent on the source IP is well noted, and I will work on the results based on that.

Thanks for your inputs.
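The two usual ways to get one row per src while keeping the other fields, shown as an added example that is not part of this thread and assumes a Splunk SPL search; the index name, sourcetype and the extra field names (dest, dest_port, action, user) are hypothetical placeholders standing in for the fields highlighted in the original question:

```spl
# Option A: keep only the first event seen for each src.
# Fast, but the other fields come from that single event, so
# values that vary per src (e.g. several dest_port) are lost.
index=firewall_logs sourcetype=fw:traffic
| dedup src
| table src dest dest_port action user

# Option B: aggregate per src so every distinct value is retained.
# values() collapses duplicates, dc() counts distinct destinations,
# and count shows how many events each unique src produced.
index=firewall_logs sourcetype=fw:traffic
| stats count
        values(dest)      AS dest
        values(dest_port) AS dest_port
        values(action)    AS action
        values(user)      AS user
        dc(dest)          AS distinct_dests
  BY src
| sort - count
```

Option B is the one that matches "all the fields for analysis, grouped by src": the extra fields are computed from the events belonging to each src, so the result is unique per source IP without silently discarding the other values. If the values() lists get too long for analysis, replace values() with latest() or first() for the fields where a single representative is enough.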