topic Re: Something aking to | sort | uniq -c | sort -nr in General Topics https://live.paloaltonetworks.com/t5/general-topics/something-aking-to-sort-uniq-c-sort-nr/m-p/436864#M96307 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/14162">@jackd</a>&nbsp;I presume you are referring to the traffic log query engine on the farewell/Panorama and&nbsp; yes, it is not very advanced and distinct or uniq function are definitely missing.&nbsp;</P><P>We use external SIME solution with advanced queries capabilities, but for&nbsp; a small tasks I would export the logs and use Unix or some script to query them. You can also use the firewall local reporting engine to generate something similar. For example you can create a report on only unique source IPs hit count over a period of time, but this also has its limitation.&nbsp;</P> Mon, 27 Sep 2021 13:36:27 GMT Retired Member 2021-09-27T13:36:27Z Something aking to | sort | uniq -c | sort -nr https://live.paloaltonetworks.com/t5/general-topics/something-aking-to-sort-uniq-c-sort-nr/m-p/432477#M95747 <P class="_1qeIAgB0cPwnLhDF9XSiJM">Like the title says, is there a way to run a filter for a period of time, pull out a list of IPs, sort them, remove the duplicates with a count, and sort them by most popular?</P><P class="_1qeIAgB0cPwnLhDF9XSiJM">This is a common <FONT color="#333300"><A href="https://omegle.club" target="_blank" rel="noopener">omegle</A> </FONT>thing to do with syslog data, say you have a very permissive rule and you want to see what source IPs are being used by that rule. You could awk print the source IP column and filter it accordingly. How are you folks working with data like this?</P><P class="_1qeIAgB0cPwnLhDF9XSiJM"><FONT color="#000000"><A href="https://azar.pro" target="_blank" rel="noopener">azar</A></FONT></P><P class="_1qeIAgB0cPwnLhDF9XSiJM">Thanks</P> Tue, 28 Sep 2021 07:08:33 GMT https://live.paloaltonetworks.com/t5/general-topics/something-aking-to-sort-uniq-c-sort-nr/m-p/432477#M95747 Jack45 2021-09-28T07:08:33Z Re: Something aking to | sort | uniq -c | sort -nr https://live.paloaltonetworks.com/t5/general-topics/something-aking-to-sort-uniq-c-sort-nr/m-p/436864#M96307 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/14162">@jackd</a>&nbsp;I presume you are referring to the traffic log query engine on the farewell/Panorama and&nbsp; yes, it is not very advanced and distinct or uniq function are definitely missing.&nbsp;</P><P>We use external SIME solution with advanced queries capabilities, but for&nbsp; a small tasks I would export the logs and use Unix or some script to query them. You can also use the firewall local reporting engine to generate something similar. For example you can create a report on only unique source IPs hit count over a period of time, but this also has its limitation.&nbsp;</P> Mon, 27 Sep 2021 13:36:27 GMT https://live.paloaltonetworks.com/t5/general-topics/something-aking-to-sort-uniq-c-sort-nr/m-p/436864#M96307 Retired Member 2021-09-27T13:36:27Z