- KNOWLEDGE BASE
- ANALYZE IN STYLE
- FUNCTIONS
-
START YOUR TRIAL
-
DEVICE INTEGRATION
-
CONNECTORS
-
DATA INGESTION
-
HUNTING WITH WORKBOOKS
-
ANALYZE IN STYLE
-
SECURITY MONITORING
-
OPERATIONS
-
MANAGE DASHBOARDS
-
MANAGE REPORTS
-
USER MANAGEMENT & ACCESS CONTROL
-
BILLING
-
MANAGING YOUR COMPONENTS
-
GETTING STARTED
-
INSTALLATION
-
SOLUTION DESIGN
-
AUTOMATION
-
TROUBLESHOOTING AND DEBUGGING
-
LICENSE MANAGEMENT
-
RELEASE NOTES
-
API
-
POLICIES
-
SECURITY BULLETINS
-
Best Practices
Count_if
The count_if function returns the number of records that satisfy the condition. The following illustrates the syntax of the count_if function:
stream=FIREWALL|groupby dstip|select dstip, count_if(dstport==23)|having count_if_col1>0
Here,
- Stream is Firewall
- Groupby function allows to organize similar data into groups i.e. groupby destination IP Address.
- Select function helps you to retrieve records from one or more tables, the records retrieved are known as a result set.
- The count_if (condition) function returns a count of events where condition is met.
In this example, on execution it should retrieve all fields for each event where the stream is a firewall, it retrieves the total count of events against the appropriate destination ip address, The output is shown as below:
