Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Vulnerabilities per computer

TomCollick
Explorer
‎04-14-2011 01:31 PM

hi, I am new to splunk and am trying to make a querry to give me all vulnerabilities of each computer in my domain. I have the following but it does not seem to work.

sourcetype=my_logs category=4 OR category=5 business=*My_business* |dedup host | stats count(signature) by host as Vuln |sort -count

thank you

Tags (1)
0 Karma
Reply

Ayn
Legend
‎04-14-2011 01:54 PM

You don't specify the results you are getting, but based on the search you're issuing it looks like the problem lies within the dedup host directive. This will make Splunk include only one event per unique value for the host field. Remove that part of your search and you should be good to go, i.e.:

sourcetype=my_logs category=4 OR category=5 business=*My_business* | stats count by host as Vuln | sort -count

You can also use top instead of stats count which has the advantage that it also gives you how many percent each host contributes to the total number of vulnerabilities.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...