Hello. I have this search:
* app="youtube" | top limit=20 srcip by app showperc=f countfield=total
of this log:
date=2015-01-14 time=08:32:10 srcip=192.168.1.200 app="Youtube" rcvdbyte=121
date=2015-01-14 time=08:38:10 srcip=192.168.1.200 app="Youtube" rcvdbyte=500
date=2015-01-14 time=08:32:10 srcip=192.168.1.200 app="Youtube" rcvdbyte=900
I need to add the total of bytes received (rcvdbyte) per IP in that App. I tried with stats sum before and after the top but the results are blank. Thanks
... View more