Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.

Reporting

Reply

Query volume per domain Show Also zero occurence value

[ Edited ]
Authority
Posts: 15
2377     0

Hi All 

I try to create a report that show queries number for some domain name... 

I found this SLP syntax that works good, but it didn't show the domanin with queries value 0:

 

"index=ib_dns_summary report=si_dns_requested_domain FQDN="domain1.com" OR FQDN="domain2.com""| stats sum(COUNT) as FQDN_TOTAL by FQDN"

 

The domain1.com have queries and show the result with:

FQDN "domain1.com" FQDN_Total  "n"

but the doman2.com haven't queries and appear anything.. 

Is it possible show it in result (under domain1.com) in this way:

FQDN "domain2.com" FQDN_Total "0"

I found "fillnull" but seems not be the right way

 

Thanks in advance

Re: Query volume per domain Show Also zero occurence value

Authority
Posts: 15
2378     0

Anyone can give a suggest?

 

Thanks in advance

Showing results for 
Search instead for 
Did you mean: 

Recommended for You