junk/spl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
spl/idea_in_future.md
junk 5592e6f21b Add idea_in_future.md
2025-01-12 15:53:49 -05:00

557 B
Raw Permalink Blame History 

index=* sourcetype=zeek*
| iplocation prefix=Source_ allfields=true id.orig_h
| eval "Source_Location"=case(Source_City=="Whitehall", "Lumen",Source_City== "Quantico", "MCCOG")
| iplocation prefix=Destination_ allfields=true  id.resp_h
| eval "Destination_Location"=case(Destination_City=="Whitehall", "Lumen",Destination_City== "Quantico", "MCCOG")
| table sourcetype, _time, id.orig_h, "Source_City","Source_Region","Source_Country", "Source_Location",id.resp_h,"Destination_City","Destination_Region","Destination_Country", "Destination_Location"