Solved: How do I filter values with at least one zero in t...

Shark2112 · ‎10-04-2018

Hello!

I want to find local IPs that communicate with outside IPs every 5 minutes, for example:

                                      192.168.1.11       192.168.1.12       192.168.1.13

8.8.8.8 10:00:00 1 3 0
9.9.9.9 10:00:00 2 0 4

8.8.8.8 10:05:00 1 3 1
9.9.9.9 10:05:00 2 1 4

8.8.8.8 10:10:00 1 3 1
9.9.9.9 10:10:00 2 1 0

so i want to find:
192.168.1.11 to 8.8.8.8
192.168.1.11 to 9.9.9.9
192.168.1.12 to 8.8.8.8

i tried

| bucket span=10min _time
| stats count by int_ip ext_ip

but can't understand how to filter it

Shark2112 · ‎10-04-2018

Shark2112 · ‎10-04-2018

How do I filter values with at least one zero in time?