-
Notifications
You must be signed in to change notification settings - Fork 47
Datalust's Seq Queries
Mohamed Samy edited this page Jun 2, 2020
·
2 revisions
The following is an example of Seq Queries for generating reports from SecureDNS Structured Logs.
select Coalesce(Answer.Answers[0].Domain, Answer.Questions[0].Domain) as Domain, Coalesce(Answer.Answers[0].Type, Answer.Questions[0].Type) as Type, Answer.Answers[0].Record.Address as IP, RemoteEndPoint from stream where StartsWith(@Message, 'Resolved') and Type = 'A' limit 1024select Coalesce(Answer.Answers[0].Domain, Answer.Questions[0].Domain) as Domain, Coalesce(Answer.Answers[0].Type, Answer.Questions[0].Type) as Type, Answer.Answers[0].Record.Domain as CNAME, RemoteEndPoint from stream where StartsWith(@Message, 'Resolved') and Type = 'CNAME' limit 1024select distinct(Answer.Questions[0].Domain) from streamselect Answer.ID as ID, Answer.Questions[0].Domain as Domain from stream where StartsWith(@Message, 'Filtered')Texnomic SecureDNS © 2020