I have a list of output here from a command. With the stats command it comes with a long list of services (tcp or udp high ports); is there any command to group them with a condition if the port number is greater than 1024? It would be great if you guys can help. Thanks!

```
index=someindex |stats count by dstip service|sort count|stats values(service) list(count) by dstip
```
**OUTPUT**

| services | dstip |
|---|---|
| tcp_1028 | 192.168.1.10 |
| tcp_1029 | |
| tcp_1030 | |
| tcp/10100 | |
| tcp/10108 | |
| tcp_2056 | 192.168.1.20 |
| tcp_2068 | |
| udp_3378 | |
| udp_4069 | |
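An added example (not part of the original question or any reply) that models the requested filter outside Splunk: it parses service names in the shape shown above (both the `_` and `/` separators appear in the output), keeps only numeric ports above 1024, and groups the survivors by dstip. The sample rows and the `parse_service` / `high_ports_by_dstip` helpers are constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample rows of (dstip, service) in the shape of the question's
# output. Both "_" and "/" separators occur, plus rows that must be dropped.
SAMPLE_ROWS = [
    ("192.168.1.10", "tcp_1028"),
    ("192.168.1.10", "tcp_1029"),
    ("192.168.1.10", "tcp/10100"),
    ("192.168.1.10", "tcp_443"),     # low port: excluded by the > 1024 rule
    ("192.168.1.20", "udp_3378"),
    ("192.168.1.20", "udp_53"),      # low port: excluded
    ("192.168.1.20", "http"),        # named service, no numeric port: skipped
]

# proto, then "_" or "/", then 1-5 digits; anchored so "tcp_1028x" does not match
SERVICE_RE = re.compile(r"^(?P<proto>tcp|udp)[_/](?P<port>\d{1,5})$", re.IGNORECASE)


def parse_service(service):
    """Return (proto, port) for 'tcp_1028' / 'udp/3378' style names, else None."""
    m = SERVICE_RE.match(service.strip())
    if not m:
        return None
    port = int(m.group("port"))
    if not 0 < port <= 65535:        # reject impossible port numbers
        return None
    return m.group("proto").lower(), port


def high_ports_by_dstip(rows, threshold=1024):
    """Group services whose port is > threshold by dstip.

    Returns {dstip: sorted list of service names}; hosts with no
    qualifying service are absent from the result.
    """
    grouped = defaultdict(set)
    for dstip, service in rows:
        parsed = parse_service(service)
        if parsed is None:
            continue
        _, port = parsed
        if port > threshold:
            grouped[dstip].add(service)
    return {ip: sorted(svcs) for ip, svcs in grouped.items()}


if __name__ == "__main__":
    for ip, svcs in high_ports_by_dstip(SAMPLE_ROWS).items():
        print(ip, svcs)
```

Inside Splunk the same logic maps onto extracting the port from `service` with `rex`, filtering with `where port > 1024`, and then the existing `stats values(service) by dstip`.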