When one is running a QUERY/REPORT in MARSv4.3 how can I go about identifying which reporting device is generating the events? I have several devices pumping logs to the MARS but I can't seem to tell which one is generating which event.
For example -
I run a query against all Event Types ranked by Sessions for the last 10 minutes. I submit in-line. The results are sorted etc but I can't figure out how to drill down and see which IP is causing the event.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...