Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I create a table of my search results with a count of each matching dest_ip value?

bayman
Path Finder
‎10-04-2017 12:14 PM

I have this search of events:

eventtype=cisco-firewall src_ip="*" (dest_ip="192.168.1.2" OR dest_ip="192.168.2.2" OR dest_ip="10.10.1.1" )

For each src_ip, I'd like to list the dest_ip and the count of src_ip so it'd like look

src_ip          | dest_ip                | count
212.123.123.123 | 192.168.1.2, 10.10.1.1 | 123
215.123.123.123 | 192.168.1.2, 10.10.1.1 | 55
214.23.23.23    | 192.168.2.2            | 894
211.45.55.55    | 192.168.1.2, 192.168.2.2, 10.10.1.1 | 235
0 Karma
Reply

mydog8it
Builder
‎10-04-2017 12:39 PM

your search
| stats count by src_ip dest_ip
| stats list(dest_ip), list(count) by src_ip

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...