    Limitation in Field Grouping in a Reporting Query


      I am attempting to create a report that shows the top destination IPs. I would like this report to include the Destination IP, Destination Port, Source IP, Geo-location, and the total grouped event count for each.


      The problem I am having is that when creating a report query, it will only let me group up to three fields, therefore leaving me unable to create this report unless I want to leave out data.


      My questions are these:


      Why is this limitation there in the first place, or at least, why so few? Does it tax the system too much having to group that much data?


      Second, does anyone know an alternate way to get this information in a report?