Splunk Notes
From Federal Burro of Information
host="10.35.12.1" | stats count by action, host
FortiGate events by source country:
host="10.35.12.1" | stats count by src_country
Log lines by time:
host="10.35.12.161" | chart count by _time
Equivalent of grep -v (exclude events containing a term):
host="10.35.12.161" NOT "slapd"