Splunk: Beispielabfragen

index=main source="udp:514" sourcetype="udp:514" host="10.136.20.101" si.zgt.de | dedup bind_client bind_query | table bind_client bind_query | rename bind_client AS Client | sort Client

index=main source="udp:514" sourcetype="udp:514" host="10.136.20.101" si.zgt.de | dedup bind_client bind_query | stats list(bind_query) by bind_client | sort bind_client

index=main source="udp:514" sourcetype="udp:514" host="10.136.20.101" si.zgt.de | stats count(_raw) AS anzahl_events by bind_client, bind_query | table bind_client bind_query anzahl_events | sort bind_client

index=main source="udp:514" sourcetype="udp:514" host="10.136.20.101" si.zgt.de earliest=-15m latest=now | stats count(_raw) AS anzahl_events by bind_client, bind_query | lookup dnslookup clientip AS bind_client | table bind_client clienthost bind_query anzahl_events | sort -anzahl_events, bind_client

index=main source="udp:514" sourcetype="udp:514" host="10.136.20.101" si.zgt.de earliest=-15h latest=now | stats count(_raw) AS anzahl_events by bind_client, bind_query | lookup dnslookup clientip AS bind_client | table bind_client clienthost bind_query anzahl_events | sort -anzahl_events, bind_client

index=main AND source="udp:514" AND sourcetype="udp:514" host="10.136.20.101"
anzora7.si.zgt.de OR anzora8.si.zgt.de OR ariadne.si.zgt.de OR ariadne-sc.si.zgt.de OR dns01.si.zgt.de
OR zgt-nw8.si.zgt.de
OR zgt-nw8-w.si.zgt.de
earliest=-2h latest=now | stats count(_raw) AS anzahl_events by bind_client, bind_query | lookup dnslookup clientip AS bind_client | table bind_client clienthost bind_query anzahl_events | sort -anzahl_events, bind_client

index=main AND source="udp:514" AND sourcetype="udp:514" host="10.136.20.101"
anzora7.si.zgt.de OR anzora8.si.zgt.de OR ariadne.si.zgt.de OR ariadne-sc.si.zgt.de OR dns01.si.zgt.de

OR zgt-nw6-w.si.zgt.de
OR zgt-nw8.si.zgt.de
OR zgt-nw8-w.si.zgt.de
earliest=-2h latest=now | stats count(_raw) AS anzahl_events by bind_client, bind_query | lookup dnslookup clientip AS bind_client | table bind_client clienthost bind_query anzahl_events | sort -anzahl_events, bind_client