Hi Everyone, I trying to created a Dashboard that will only shows Allowed traffic from a specific sourtcetype (ie. squid), with the MIME Type anything related to java ONLY and the x_wbrs_score < -3.5 and > -5.9
Then with that information, put together a graphic that shows HTTP user agent vs Time which refreshes every hour for the previous hours traffic. Line based chart/or plotted is preferred.
Thanks in advanced.
So far what I got is this.... but I'm not sure that is want I need.
index="outside" sourcetype="squid" | eval cs_mime_type=lower(cs_mime_type)| search cs_mime_type=java OR cs_mime_type=json x_wbrs_score<-3.5 x_wbrs_score>-5.9 earliest = -1h | eval _time = strptime(time, "%Y-%m-%d") | search * earliest=-1h