Hello everybody,
i want to count how often does a specific pair of src-dest appear...
something like
src, dest, count
10.10.10.10 11.11.11.11 3
10.10.10.10 11.11.11.12 1
10.10.10.10 11.11.11.13 12
I use following string
| tstats summariesonly=true prestats=true count as boo from datamodel=Network_Traffic.All_Traffic where All_Traffic.x_src_zone="smth" All_Traffic.x_dest_zone="smth" by All_Traffic.x_src_zone All_Traffic.x_dest_zone| table All_Traffic.x_src_zone All_Traffic.x_dest_zone boo
Unfortunately, the whole boo column is always empty
↧