Vulnerabilities per computer

TomCollick · ‎04-14-2011

hi, I am new to splunk and am trying to make a querry to give me all vulnerabilities of each computer in my domain. I have the following but it does not seem to work.

sourcetype=my_logs category=4 OR category=5 business=*My_business* |dedup host | stats count(signature) by host as Vuln |sort -count

thank you

Ayn · ‎04-14-2011

You don't specify the results you are getting, but based on the search you're issuing it looks like the problem lies within the dedup host directive. This will make Splunk include only one event per unique value for the host field. Remove that part of your search and you should be good to go, i.e.:

sourcetype=my_logs category=4 OR category=5 business=*My_business* | stats count by host as Vuln | sort -count

You can also use top instead of stats count which has the advantage that it also gives you how many percent each host contributes to the total number of vulnerabilities.

Vulnerabilities per computer

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

Vulnerabilities per computer

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future