List of unique sourceHosts in a sourceCategory

Comments

2 comments

  • Official comment
    Avatar
    Graham Watts

    Hey David,


    Can you try this query and let us know if this is what you're trying to see?

    _sourceCategory=prod/network
    | count by _sourceHost // assuming these are the source IPs
    | count by _sourceHost

    This is a trick to get a similar output of the count_distinct operator but is a bit faster.

    Comment actions Permalink
  • Avatar
    David Day

    Graham,

         Thanks.  That was exactly what I was looking for.

    0
    Comment actions Permalink

Please sign in to leave a comment.