Hello Everyone.
The following query is providing me what I need for PANs (each pillar is representing . However, I need to change the following query to get all (four PANs) in their own separate pillar, representing the last 8 days, with each pillar representing all four PANs for each day.
index=pa* sourcetype=pan:threat (action=dropped OR action=blocked) src_ip!=10.* threat_id=* | stats count by dvc_name | sort count desc
Any assistance you can provide in that regard will be greatly appreciated.