An analyst is investigating the number of failed login attempts by IP address. Which SPL command can be used to create a temporary table containing the number of failed login attempts by IP address over a specific time period?
A. index=security_logs eventtype=failed_login | eval count as failed_attempts by src_ip | sort -failed_attempts
B. index=security_logs eventtype=failed_login | transaction count as failed_attempts by src_ip | sort -failed_attempts
C. index=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -failed_attempts
D. index=security_logs eventtype=failed_login | sum count as failed_attempts by src_ip | sort -failed_attempts
The stats command is used to generate statistics, such as counts, over specific fields. In this case, the command in option C, index=security_logs eventtype=failed_login | stats count as failed_attempts by src_ip | sort -failed_attempts, creates a temporary table that counts the number of failed login attempts (failed_attempts) for each source IP (src_ip). The trailing sort -failed_attempts orders the results by the number of failed attempts in descending order, making it easier for an analyst to identify problematic IPs.