Splunk Notes
From Federal Burro of Information
host="10.35.12.1" | stats count by action, host
Fortigate by country:
host="10.35.12.1" | stats count by src_country
host="10.35.12.1" | stats count by action, host
Fortigate by country:
host="10.35.12.1" | stats count by src_country