Hi,
I would like to automate the search results according to the sourcetype but also according to the source IP address.
The code:
<form>
Dynamic Source
Sourcetype
All
<![CDATA[|metadata type=sourcetypes index= | stats count by sourcetype]]>
Top 5 source
index=* sourcetype="$sourcetype$" src="$src$"| stats sum(sent) as send sum(rcvd) as receive by dst | sort - send,receive | head 10
Have you any idea?