Re: Vulnerabilities per computer

TomCollick · ‎04-14-2011

hi, I am new to splunk and am trying to make a querry to give me all vulnerabilities of each computer in my domain. I have the following but it does not seem to work.

sourcetype=my_logs category=4 OR category=5 business=*My_business* |dedup host | stats count(signature) by host as Vuln |sort -count

thank you

Ayn · ‎04-14-2011

You don't specify the results you are getting, but based on the search you're issuing it looks like the problem lies within the dedup host directive. This will make Splunk include only one event per unique value for the host field. Remove that part of your search and you should be good to go, i.e.:

sourcetype=my_logs category=4 OR category=5 business=*My_business* | stats count by host as Vuln | sort -count

You can also use top instead of stats count which has the advantage that it also gives you how many percent each host contributes to the total number of vulnerabilities.

Vulnerabilities per computer

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation