Hi, I am trying to build a dashboard to show a mapping between source IP and destination IP based on different connections (open or close). I was able to get the result like this but not sure how to present it in a visualization tool and group by the source IP. Any help would be appreciated. Source IP, Destination IP, Connection Type, Count 10.2.12.3, 168.192.0.1, open, 24 10.2.12.3, 168.192.0.5, open, 45 10.2.12.6, 168.192.0.1, close, 12 10.2.12.4, 168.192.0.6, open, 4   Thanks   Thanks, Jun ... View more

Hi,  I am a beginner here in Splunk. I am trying to search multiple lines in the log and generate an alert if certain values match.  For example, in the log below, I wanted to compare the IP address (10.0.46.173) when the Error Code is "ERROR_CREDENTIAL". If the IP addresses are the same, then an alert will be created.   2022-12-13 19:05:48.247 ERROR:ip-10-0-46-173.ap-northeast-1.compute.internal,10.0.46.173,19:05:48,ERROR_CREDENTIAL,sfsdf 2022-12-13 19:06:00.580 ERROR:ip-10-0-46-173.ap-northeast-1.compute.internal,10.0.46.173,19:06:00,ERROR_CREDENTIAL,kjsadasd 2022-12-13 19:06:17.537 ERROR:ip-10-0-46-173.ap-northeast-1.compute.internal,10.0.46.173,19:06:17,ERROR_CREDENTIAL,opuio   I wonder if anyone could help and guide me with right document.   Thanks, Junster ... View more