a guest Mar 26th, 2019 79 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. index=<your dns index> NOT (query=_ldap* OR query=_gc* OR query=_kerberos* OR query=1B* OR query=Coordinator* ) | eval mixed_case=if(match(query, "[a-z][A-Z]|[A-Z][a-z]|[A-Z]\.[a-z]|[a-z]\.[A-Z]"),"true","false") | search mixed_case=true |eval norm_query=lower(query) | stats count values(query) as query values(host) as dns_servers by dest norm_query
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand