I am running the following search:
"authentication failed" | stats count by user, sourceip | sort -count | head 10
Which produces a table with three columns, user, sourceip and count, like so (scrubbed data):
![alt text][1]
I would like to display this in a bubble visualization, where the X and Y axes map to my users and sourceips, and the size of the bubble maps to the count. Is there any way to do this?
[1]: /storage/temp/72236-capture.png
↧