Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Search for ports by host

vumanhtai
Path Finder
‎12-01-2017 05:03 PM

Hi All!
What search commands can I use to get results like this?

alt text

Tags (1)
Preview file
1 KB
Reply

woodcock
Esteemed Legend
‎12-02-2017 12:20 PM

Like this:

... | stats first(status) BY host port
| stats list(port) AS port list(status) AS status BY host
0 Karma
Reply

niketn
Legend
‎12-02-2017 03:28 AM

@vumanhtai, multiple ips can be connecting to same port. So ideally you should have the result other way around

 <YourBaseSearch>
| eval port_status=port." - ".status
| stats values(port_status) as port_status by host
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

493669
Super Champion
‎12-01-2017 11:56 PM 
...|stats list(port) as port, list(status) as status by host

OR

...|stats values(port) as port, values(status) as status by host

You can try this...
list() does not dedup while values() will dedup

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...