THE GAME HAS CHANGED

Introducing Infoblox Universal DDI ManagementTM

Watch the launch to discover the new era of management for critical network services. Watch Now

Reporting

Reply

guidance on custom search
PhilKing
New Member
Posts: 2

‎03-08-2023 01:53 PM

1739     0

I'm trying to find some direction customizing a search string, but have not found the correct search phrase to help. I found a report (DNS Top Requested Domain Names) that is close to what I'm looking for. I would like to modify the search string behind this report to return all matching for domain names beginning with 'xyz' instead of the top requested domain names. 

 

I think the highlighted section needs to be updated, but cannot find any information on the syntax to use.

 

index=ib_dns_summary report=si_dns_requested_domain | lookup dns_viewkey_displayname_lookup VIEW output display_name | stats sum(COUNT) as FQDN_TOTAL by FQDN | sort -FQDN_TOTAL | head 10 | eventstats sum(FQDN_TOTAL) as TOTAL | eval PERCENT=round(FQDN_TOTAL*100/TOTAL, 1) | eval PHOST=FQDN+" ("+PERCENT+"%)" | rename FQDN_TOTAL as Count, PHOST as "Domain Name" | fields "Domain Name", Count

Reply
0 Kudos

Re: guidance on custom search

[ Edited ]
shukran
Superuser
Posts: 38

‎03-09-2023 09:32 PM - edited ‎03-09-2023 09:33 PM

1739     0

Hey,

 

You can use the wildcard (*) search to filter out the domains starting with 'xyz'.

You can modify your search to include the FQDN.

index=ib_dns_summary report=si_dns_requested_domain FQDN="xyz*" | lookup......

'head 10' gives you top 10 in the list. if you want all the results you can remove this from the query.

Shukran
Reply

Re: guidance on custom search
PhilKing
New Member
Posts: 2

‎03-10-2023 07:28 AM

1739     0

that was exactly what I was trying to get. Thanks.

Reply
0 Kudos
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements