I'm currently creating a list of the top 10 technologies, and I'm trying to rename "Red" as "Red Hat" using the rename command.
Here's the query:
| tstats summariesonly=f dc(Vulnerabilities.signature) as count from datamodel="Vulnerabilitiesv3" where (nodename="Vulnerabilities" (Vulnerabilities.severity!=informational Vulnerabilities.severity!=unknown) Vulnerabilities.dest_bunit IN (*) Vulnerabilities.property IN (*) ) by Vulnerabilities.dest, Vulnerabilities.signature, Vulnerabilities.point_of_contact, Vulnerabilities.solution
| rename Vulnerabilities.* AS *
| rename signature as sig
| lookup workday.csv shortid as point_of_contact output l1, l2,l3,l4
| search (l1="*" OR l2="*" OR l3="*" OR l4="*")
| fields - point_of_contact
| rex field=sig "^(?<Technology>[^\W]++)"
| stats sum(count) as count by Technology
| sort- count
| head 10
| rename Red as "Red Hat"
These are the results:
Technology count
RHEL 6906424
Oracle 1507478
CentOS 402534
Network 186231
Ubuntu 129319
Red 109693