Hi,
How do I write a search to get particular source IP activities for the last 7 days?
Ex: src="122.15.158.173"
Regards,
Syed
Try this if the src field has already been extracted.
index=yourindex sourcetype=yoursourcetype src=122.15.158.173 earliest=-7d@d | table _time src _raw
If the src field has not been extracted, you will need to extract that first. If you share some data, someone here can help.
Thanks. The logs for the particular source IP span more than one index and sourcetype, and the data is also huge, so it is taking a long time to get the answer.
Is there any query where we can get the data in a few minutes, which can help us analyze the issue?