How to create multi value field?

For example, I have the following table:

src_ip | ids_signature
1.1.1.1 | SID-1-0001
1.1.1.1 | SID-1-0002
1.1.1.1 | SID-1-0002
1.1.1.1 | SID-1-0002
1.1.1.1 | SID-1-0003
2.2.2.2 | SID-1-0004

I would like to aggregate all of the possible values for ids_signature, number of distinct ids_signature, as well as the number of event count by src_ip in this way:

src_ip | ids_signature | distinct_count | count
1.1.1.1 | SID-1-0001,SID-1-0002,SID-1-0003 | 3 | 5
2.2.2.2 | SID-1-0004 | 1 | 1

Do I have any way to achieve this?

How to create multi value field?

Comments

Didn't find what you were looking for?