I have multiple columns:
source address: saddr
dest address: daddr
times seen: times_seen
destination port: dport
latitude: slat
longitude: slong
My report data is presented as:
saddr daddr dport times_seen slat slong
saddr daddr 0 12 lat long
saddr daddr 1 22 lat long
saddr daddr 0 15 lat long
saddr daddr 1 7 lat long
I'd like to see on my geostats map each dport and how many times it was seen by lat and long on the bubble. I'm getting everything working except for the addition of the "times_seen" block. Anytime I try to evaluate or add the "times_seen" I either get no results or an error.
I'm using:
index="the_index" | geostats latitude=slat longitude=slong count by dport