Sample Search
index=firewall src IN (10.11.12.*) dst IN ("10.12.14.15","11.12.13.14") action!=allowed | table _time origin src dest s_port service tcp_flags action layer_name
Last updated
index=firewall src IN (10.11.12.*) dst IN ("10.12.14.15","11.12.13.14") action!=allowed | table _time origin src dest s_port service tcp_flags action layer_name
Last updated