Dashboards & Visualizations

having stats count and stats values combined

Merryvor
Explorer

Hello,

I'm trying to obtain a table like this :

FQDNurilist of  attack_typesattack_number
www.test.com/index

Information Leakage

Path Traversal

57
www.test.com/testPath Traversal30
prod.com/sample

Abuse of Functionality

Forceful Browsing

Command Execution

10

 

I can obtain the table without the list of attack_types, but I can't figure out how to add the values function.

| stats count as attack_number by FQDN,uri 
| stats values(attack_type) as "Types of attack"

 For each FQDN/uri I want to have the number of attacks, and all the attack_types seen.

It seems obvious, but I'm missing it.

Can someone help me ?

Labels (1)
0 Karma
1 Solution

bowesmana
SplunkTrust
SplunkTrust

Just put the 

values(attack_type) as "Types of attack"

into the first stats.

You can't do 2 stats like that as you don't have the attack_type anymore after the first stats

View solution in original post

0 Karma

Merryvor
Explorer

Thank you @bowesmana  

I actually tried this before

| stats count as attack_number by FQDN,uri values(attack_type) as "Types of attack"

 but it didn't return anything.

However this is working :

| stats values(attack_type) as "Types of attack" count as attack_number by FQDN,uri 

I guess this way the by clause applies to both count and values function.

seems logic now that I see it !

0 Karma

bowesmana
SplunkTrust
SplunkTrust

Yes, you're right - the logic for stats is stats - followed by as many aggregations you want and then the by clause.

 

0 Karma

bowesmana
SplunkTrust
SplunkTrust

Just put the 

values(attack_type) as "Types of attack"

into the first stats.

You can't do 2 stats like that as you don't have the attack_type anymore after the first stats

0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...