Sumo Logic

Lab 2 - Simple Parsing, Grouping, and Filtering

Learn basic operators to parse and group your search results.

  1. Search CloudTrail logs to identify the top 10 IP addresses for the US West Region.

_sourceCategory=Labs/AWS/CloudTrail
// You can use the json operator on json-formatted logs
| json "awsRegion"
| where awsregion="us-west-1"
// You can use a mix of parsing operators in the same query
| parse regex "(?<ip_address>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
| count by ip_address
| top 10 ip_address by _count
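To see what each stage of that pipeline does to a record, here is an added Python walk-through of the same steps (json extraction, region filter, regex extraction, count, top N) run over a handful of constructed CloudTrail-style lines. It is not part of the Sumo Logic lab; the sample records are made up, and `top_source_ips` is this editor's field-based alternative (`json "sourceIPAddress"` instead of `parse regex`) shown for contrast. The contrast matters in practice: `parse regex` scans the raw message and keeps the first IPv4-looking substring, so for a service-initiated call whose `sourceIPAddress` is a DNS name the count lands on whatever dotted quad appears next in the event (a CIDR in `requestParameters`, for instance), while the field-based variant counts the caller exactly as CloudTrail recorded it.

```python
import json
import re
from collections import Counter

# Constructed CloudTrail-style records (sample data, not real events). Each
# record becomes one raw log line, as the Labs/AWS/CloudTrail source would emit.
_RECORDS = [
    ({"eventVersion": "1.08", "awsRegion": "us-west-1", "eventName": "DescribeInstances",
      "sourceIPAddress": "203.0.113.10"}, 3),
    ({"eventVersion": "1.08", "awsRegion": "us-west-1", "eventName": "ConsoleLogin",
      "sourceIPAddress": "198.51.100.7"}, 2),
    ({"eventVersion": "1.08", "awsRegion": "us-east-1", "eventName": "DescribeInstances",
      "sourceIPAddress": "203.0.113.10"}, 1),
    # Service-initiated call: sourceIPAddress is a DNS name, and the first
    # dotted quad in the raw message is a CIDR inside requestParameters.
    ({"eventVersion": "1.08", "awsRegion": "us-west-1",
      "eventName": "AuthorizeSecurityGroupIngress",
      "sourceIPAddress": "ec2.amazonaws.com",
      "requestParameters": {"cidrIp": "10.0.0.0/8"}}, 1),
]
SAMPLE_LINES = [json.dumps(rec) for rec, n in _RECORDS for _ in range(n)]

# Same pattern as the lab's parse regex; Python spells the named group (?P<...>).
IPV4_RE = re.compile(r"(?P<ip_address>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")


def _json_where_region(raw_lines, region):
    """| json "awsRegion" | where awsregion=<region>: yield (record, raw line) pairs."""
    for line in raw_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # no awsRegion field is extracted, so `where` drops the line
        if rec.get("awsRegion") == region:
            yield rec, line


def top_ips(raw_lines, region="us-west-1", n=10):
    """Replicates the lab query: the regex runs over the raw message and keeps
    the first IPv4-looking substring, whatever field it came from."""
    counts = Counter()
    for _rec, line in _json_where_region(raw_lines, region):
        m = IPV4_RE.search(line)            # | parse regex "(?<ip_address>...)"
        if m is None:
            continue                        # non-matching messages drop out
        counts[m.group("ip_address")] += 1  # | count by ip_address
    return counts.most_common(n)            # | top 10 ip_address by _count


def top_source_ips(raw_lines, region="us-west-1", n=10):
    """Field-based variant (json "sourceIPAddress" instead of parse regex):
    counts the caller's address as CloudTrail recorded it, DNS names included."""
    counts = Counter()
    for rec, _line in _json_where_region(raw_lines, region):
        src = rec.get("sourceIPAddress")
        if src is not None:
            counts[src] += 1
    return counts.most_common(n)


if __name__ == "__main__":
    for ip, c in top_ips(SAMPLE_LINES):
        print(f"{ip:20} {c}")
    print("--- by sourceIPAddress field ---")
    for ip, c in top_source_ips(SAMPLE_LINES):
        print(f"{ip:20} {c}")
```

Running the block prints the regex-based ranking first (with `10.0.0.0` standing in for the service call) and the field-based ranking second (with `ec2.amazonaws.com` in its place); both agree on the two real client addresses.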

You can chart your results by choosing any of the available charting options.