I am attempting to create a report that shows the top destination IPs. I would like this report to include the Destination IP, Destination Port, Source IP, Geo-location, and the total grouped event count for each.
The problem I am having is that when creating a report query it will only let me group up to three fields therefor leaving me unable to create this report unless I want to leave out data.
My questions are this:
Why is this limitation there in the first place, or at least, why so few? Does it tax the system too much having to group that much data?
Second, does anyone know an alternate way to get this information in a report?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.