Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- index=<your dns index> NOT (query=_ldap* OR query=_gc* OR query=_kerberos* OR query=1B* OR query=Coordinator* ) | eval mixed_case=if(match(query, "[a-z][A-Z]|[A-Z][a-z]|[A-Z]\.[a-z]|[a-z]\.[A-Z]"),"true","false") | search mixed_case=true |eval norm_query=lower(query) | stats count values(query) as query values(host) as dns_servers by dest norm_query
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
