huynhbaoan · March 12, 2025 09:18
diff --git a/gistfile1.txt b/gistfile1.txt
 fields @message
 | parse @message " * * * * * * * * * * * * * * *" as version, account_id, interface_id, srcAddr, dstAddr, srcPort, dstPort, protocol, packets, bytes, start_time, end_time, action, log_status
 | filter dstPort = 25 or dstPort = 465
 | filter dstAddr in ["10.39.132.10", "10.39.133.138", "10.39.132.97", "10.39.133.151"]
 | limit 10000
	fields @message
	\| parse @message " * * * * * * * * * * * * * * *" as version, account_id, interface_id, srcAddr, dstAddr, srcPort, dstPort, protocol, packets, bytes, start_time, end_time, action, log_status
	\| filter dstPort = 25 or dstPort = 465
	\| filter dstAddr in ["10.39.132.10", "10.39.133.138", "10.39.132.97", "10.39.133.151"]
	\| limit 10000