How can I see the top 10 worst URIs from WAF when using transpose? I can visually see the bad ones but would like to only include the 10 biggest.
| where httpSourceName = "CF"
| json field=_raw "ruleGroupList"
| json field=_raw "httpRequest.uri" as uri
| parse regex field=uri "(?<uriStem>\/.*?)\/" nodrop
| timeslice 1d
| count by _timeslice, uriStem
| transpose row _timeslice column uriStem
Please sign in to leave a comment.