2,306
edits
Changes
Jump to navigation
Jump to search
mLine 114:
Line 114: + + + +
no edit summary
[[File:Splunk Lookup Definition.png|alt=Splunk Lookup Creation|left|frameless|800x800px|Splunk Lookup Creation]]
[[File:Splunk Lookup Definition.png|alt=Splunk Lookup Creation|left|frameless|800x800px|Splunk Lookup Creation]]
<br />
<br />
=== Query Usage Example ===
<syntaxhighlight lang="text">
sourcetype="pfsense:filterlog" host="pfsenseoperacionesinternet.rra.lan" dest_int=pppoe0 direction=inbound vendor_action=block | lookup GeoIP ipaddr as src_ip OUTPUT location | stats count by src_ip, location, dest_port, vendor_action | sort -num(count), sort num(src_ip), sort str(location), sort num(dest_port)
</syntaxhighlight>