Top 10 with transpose

Follow
Avatar
Paul Seward

Hi,

How can I see the top 10 worst URIs from WAF when using transpose? I can visually see the bad ones but would like to only include the 10 biggest.

_sourceCategory=AWS/WAF
| where httpSourceName = "CF"
| json field=_raw "ruleGroupList"
| json field=_raw "httpRequest.uri" as uri
| parse regex field=uri "(?<uriStem>\/.*?)\/" nodrop
| timeslice 1d
| count by _timeslice, uriStem
| transpose row _timeslice column uriStem

Paul

0

Comments

0 comments

Please sign in to leave a comment.

Didn't find what you were looking for?

New post