I'm trying to create a table which shows the following: -
Domain Client_IP Client_User Count
www.google.com 192.168.1.100 manwin 5
www.spurs-sg.org 192.168.1.101 User2 10
I can get a table showing me
Domain Client_IP Count
by doing the following search
sourcetype="bcoat_proxysg" |top limit=100 Domain by Client_IP
but I can't find a way to add in the user.
You can do
sourcetype="bcoat_proxysg" |top limit=100 Domain by Client_IP, Client_User
More info on top: http://www.splunk.com/base/Documentation/latest/SearchReference/Top
You can do
sourcetype="bcoat_proxysg" |top limit=100 Domain by Client_IP, Client_User
More info on top: http://www.splunk.com/base/Documentation/latest/SearchReference/Top
Thanks I've given it a tick. Thanks for your response.
Feel free to accept usable answers -- helps close out the question and makes the site more usable for new users especially. Thanks!
Thanks, I just tested with my sample data and it worked.......
Interestingly when I was testing the exact same command at my customer's location it did not give me any results.