I'm trying to get my table to group events by Source IP. The search counts the number web traffic hits by Source IP and groups them into 1 hour time frame. I want to then have each Source IP as a single event and also show all the hour time spans that that IP was seen.
Current:
Time Count IP
2016-06-02 14:00 3500 1.1.1.1
2016-06-02 16:00 3000 1.1.1.1
2016-06-02 15:00 3000 2.2.2.2
What I want:
Time Count IP
2016-06-02 14:00 6500 1.1.1.1
2016-06-02 16:00
2016-06-02 15:00 3000 2.2.2.2
↧