Hi,
I have a search string that shows the top 20 security-related events by country on my Cisco ASA.
eventtype=cisco-security-events | iplocation src_ip | stats count by Country | sort 20 - count
It works well and displays the countries and total number of events for whichever time range I've specified.
However, when I want to click an individual country (Australia) and view the events, Splunk returns "No Results Found", even though there are 8000+ events for Australia.
A manual search also shows no results found:
eventtype=cisco-security-events Country=Australia | iplocation src_ip
Can someone please explain why this is happening and kindly offer a solution?
Thanks Ninjas!