I recently got Graylog installed and I have it working as needed. I am trying to build a list of required ports to open for a device on my network.
I have firewall rules blocking the access, so my Graylog logs are helping me a ton, but I am overwhelmed by the number of blocks; it's hard to filter the messages I need to find the ports to open (from what I can tell so far, it's a pretty wide range of UDP ports).
If this were a database query, I would select the destination ports, group by source IP, and filter out distinct values. So in essence I am trying to do the same with my Graylog logs.
Would I do this in a dashboard or a custom search query? Any pointers in the right direction would be appreciated, thanks!
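The select / group-by / distinct idea from the question, written out as an added example that is not part of the original post and does not use Graylog's own query syntax. It runs over exported message text; the key=value layout, the field names (`action`, `proto`, `src`, `dpt`) and the sample lines are assumptions constructed for illustration, and it goes one step further than the question by collapsing consecutive ports into ranges.

```python
import re
from collections import defaultdict

# Constructed sample lines; the key=value layout and field names are assumptions.
SAMPLE_LOG = """\
action=block proto=udp src=192.0.2.10 dst=198.51.100.5 dpt=5004
action=block proto=udp src=192.0.2.10 dst=198.51.100.5 dpt=5005
action=block proto=udp src=192.0.2.10 dst=198.51.100.7 dpt=5004
action=block proto=udp src=192.0.2.10 dst=198.51.100.5 dpt=5006
action=block proto=tcp src=192.0.2.10 dst=198.51.100.9 dpt=443
action=pass  proto=udp src=192.0.2.10 dst=198.51.100.5 dpt=53
action=block proto=udp src=192.0.2.44 dst=198.51.100.5 dpt=123
action=block proto=udp src=192.0.2.10 dst=198.51.100.5 dpt=6000
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def blocked_ports(log_text):
    """Return {src_ip: {proto: set(dst_ports)}} for blocked messages only."""
    result = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("action") != "block":
            continue
        try:
            src, proto, port = f["src"], f["proto"], int(f["dpt"])
        except (KeyError, ValueError):
            continue  # skip lines missing a field or with a non-numeric port
        result[src][proto].add(port)  # the set keeps only distinct ports
    return result

def collapse(ports):
    """Turn {5004, 5005, 5006, 6000} into ['5004-5006', '6000']."""
    runs = []
    for p in sorted(ports):
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p          # extend the current consecutive run
        else:
            runs.append([p, p])      # start a new run
    return [str(a) if a == b else f"{a}-{b}" for a, b in runs]

def summarize(log_text):
    """Distinct blocked destination ports per source IP and protocol, as ranges."""
    return {src: {proto: collapse(ports) for proto, ports in protos.items()}
            for src, protos in blocked_ports(log_text).items()}

if __name__ == "__main__":
    for src, protos in summarize(SAMPLE_LOG).items():
        for proto, ranges in sorted(protos.items()):
            print(f"{src} {proto}: {', '.join(ranges)}")
```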