I'm very new to Splunk, and just started using it. Please forgive my ignorance.
I'm dumping my syslog from a SonicWall. The entries look something like this:
Oct 2 16:12:06 10.89.55.40 id=firewall sn=xxxxxx time="2014-10-02 16:12:06" fw= pri=1 c=0 m=1198 msg="Initiator from country blocked: Initiator IP:209.172.40.87 Country Name:China" note="Initiator IP:209.172.40.87 Country Name:China" sess=None n=176896 src=209.172.40.87:43642:X1:smtp-newslist-87.coremotivesmarketing.com dst=
I would like to get a report that would list all the country names that are blocked and give me totals/statistics.
Thanks for your help.
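One way to produce the per-country totals asked for above, shown as an added example that is not part of the original post: it parses the SonicWall key=value fields, keeps only the "Initiator from country blocked" events, and tallies them by country. The function names, the extra sample lines and the report columns are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample input: line 1 follows the entry quoted in the post; the other
# lines (addresses, countries, the m=98 event, the cut-off entry) are made up.
SAMPLE_LOG = '''\
Oct 2 16:12:06 10.89.55.40 id=firewall sn=xxxxxx time="2014-10-02 16:12:06" fw= pri=1 c=0 m=1198 msg="Initiator from country blocked: Initiator IP:209.172.40.87 Country Name:China" note="Initiator IP:209.172.40.87 Country Name:China" sess=None n=176896 src=209.172.40.87:43642:X1 dst=
Oct 2 16:12:09 10.89.55.40 id=firewall sn=xxxxxx time="2014-10-02 16:12:09" fw= pri=1 c=0 m=1198 msg="Initiator from country blocked: Initiator IP:192.0.2.10 Country Name:China" sess=None n=176897 src=192.0.2.10:51000:X1 dst=
Oct 2 16:12:11 10.89.55.40 id=firewall sn=xxxxxx time="2014-10-02 16:12:11" fw= pri=1 c=0 m=1198 msg="Initiator from country blocked: Initiator IP:198.51.100.7 Country Name:Russian Federation" sess=None n=176898 src=198.51.100.7:40022:X1 dst=
Oct 2 16:12:15 10.89.55.40 id=firewall sn=xxxxxx time="2014-10-02 16:12:15" fw= pri=1 c=0 m=1198 msg="Initiator from country blocked: Initiator IP:209.172.40.87 Country Name:China" sess=None n=176899 src=209.172.40.87:43650:X1 dst=
Oct 2 16:12:20 10.89.55.40 id=firewall sn=xxxxxx time="2014-10-02 16:12:20" fw= pri=6 c=0 m=98 msg="Connection Opened" sess=None n=176900 src=10.89.55.12:50212:X0 dst=
Oct 2 16:12:22 10.89.55.40 id=firewall sn=xxxxxx time="2014-10-02 16:12:22" fw= pri=1 c=0 m=1198 msg="Initiator from country blocked: Initiator IP:203.0.113.5 Coun
'''

# key=value pairs; a value is either a double-quoted string (may contain spaces)
# or a run of non-space characters, which may be empty (as in "fw= " and "dst=").
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
BLOCK_RE = re.compile(r'Initiator from country blocked: Initiator IP:(\S+) Country Name:(.+)')

def parse_fields(line):
    """Return the key=value fields of one syslog line as a dict (first key wins)."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip the surrounding quotes
        fields.setdefault(key, value)
    return fields

def blocked_country_report(lines):
    """Rows of (country, events, distinct initiator IPs, percent), most events first."""
    events, initiators = Counter(), {}
    for line in lines:
        # Match on the parsed msg field only, so the duplicate text in note= is
        # not counted twice and truncated or unrelated entries are skipped.
        hit = BLOCK_RE.fullmatch(parse_fields(line).get("msg", ""))
        if not hit:
            continue
        ip, country = hit.group(1), hit.group(2).strip()
        events[country] += 1
        initiators.setdefault(country, set()).add(ip)
    total = sum(events.values())
    return [(c, n, len(initiators[c]), round(100 * n / total, 1))
            for c, n in events.most_common()]

if __name__ == "__main__":
    for row in blocked_country_report(SAMPLE_LOG.splitlines()):
        print("%-20s events=%d distinct_ips=%d share=%.1f%%" % row)
```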