In this example you want to work only with log files that have been properly indexed. You can either use default fields, or extract your own fields (see previous how-to). In this example, I want to only see logs that contain the four variables that I have previously setup that show the traffics source and destination IP and Port. To do this, simply enter in the following on the search bar: IP_src=* IP_dest=* PORT_src=* PORT_dest=*(not that in this example, I set the view to be "table" rather then "list")  Once this is done, you can then sort data based on the variables that required. |