2016-02-05 35 views
0

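I want a query that groups all identical rows and adds an extra column to my output with the total for each unique row, similar to the output below. How do I return a summarized-looking query?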

sig_id ip_src  ip_dst   sig_name          timestamp 
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 


503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 

I would like my output to look like this:

sig_id ip_src  ip_dst   sig_name          timestamp   num 
    504  192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 4 

sig_id ip_src  ip_dst   sig_name          timestamp                num 
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 4 

Here is the query I have tried, but it is completely wrong:

select 
    signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst), 
    signature.sig_name, event.timestamp, count(*) as num 
from 
    signature 
join 
    event on signature.sig_id = event.signature 
join 
    iphdr on event.sid = iphdr.sid 
group by 
    signature; 

It returns:

sig_id ip_src  ip_dst   sig_name          timestamp                num 
    501 192.168.0.1 192.168.0.103 DNS SPOOF query response with TTL of 1 min. and no authority 2010-08-23 21:43:37         5236 
    502 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB newpost.php access 2010-08-23 21:45:39             238 
    503 192.168.0.1 192.168.0.103 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:47:12 1428 
    504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56             119 
    505 192.168.0.1 192.168.0.103 MS-SQL version overflow attempt 2003-09-05 06:14:33                 2261 
    506 192.168.0.1 192.168.0.103 NETBIOS SMB repeated logon failure 2003-09-06 14:11:57                4879 
+0

Where is the query you are working on? What have you tried? – gitsitgo

+0

@gitsitgo Added it lol.. it's horrible though hahahah – BuzzLightYear

+0

Better than nothing ;). It shows us you have actually tried something. Glad you got your answer! – gitsitgo

Answer

0

Try this...

select signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst), 
signature.sig_name, event.timestamp, count(*) as num 
from 
    signature 
join 
    event on signature.sig_id = event.signature 
join 
    iphdr on event.sid = iphdr.sid 
group by signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst), 
    signature.sig_name, event.timestamp;

In general, when you run an aggregate function such as "count", you need a GROUP BY on the other columns in the select list.
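
The difference between the two groupings, as an added example that is not part of the original question or answer: it loads constructed alert rows into an in-memory SQLite database and runs the page's SELECT with each GROUP BY. Assumptions: `sid` is treated as a unique event id, the table layouts are reduced to the columns the query uses, and `inet_ntoa` is registered by hand because SQLite lacks the MySQL function.

```python
import ipaddress
import sqlite3

def ip(s):
    """Dotted quad -> integer, the form ip_src/ip_dst are assumed to be stored in."""
    return int(ipaddress.IPv4Address(s))

# Constructed sample alerts: (sig_id, src, dst, timestamp)
ALERTS = (
    [(504, "192.168.0.1", "192.168.0.103", "2010-08-23 21:47:56")] * 4
    + [(504, "192.168.0.7", "192.168.0.103", "2010-08-23 21:49:10")] * 2
    + [(503, "192.168.1.3", "63.243.90.10", "2010-08-23 21:51:47")] * 4
)
NAMES = {503: "ICMP Destination Unreachable",
         504: "COMMUNITY WEB-PHP DeluxeBB forums.php access"}

SELECT = """
    SELECT signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst),
           signature.sig_name, event.timestamp, COUNT(*) AS num
    FROM signature
    JOIN event ON signature.sig_id = event.signature
    JOIN iphdr ON event.sid = iphdr.sid
"""

def run(group_by):
    db = sqlite3.connect(":memory:")
    # SQLite has no INET_NTOA, so register an equivalent of the MySQL function.
    db.create_function("inet_ntoa", 1, lambda n: str(ipaddress.IPv4Address(n)))
    db.executescript("""
        CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
        CREATE TABLE event (sid INTEGER PRIMARY KEY, signature INTEGER, timestamp TEXT);
        CREATE TABLE iphdr (sid INTEGER PRIMARY KEY, ip_src INTEGER, ip_dst INTEGER);
    """)
    db.executemany("INSERT INTO signature VALUES (?, ?)", NAMES.items())
    for sid, (sig, src, dst, ts) in enumerate(ALERTS, start=1):
        db.execute("INSERT INTO event VALUES (?, ?, ?)", (sid, sig, ts))
        db.execute("INSERT INTO iphdr VALUES (?, ?, ?)", (sid, ip(src), ip(dst)))
    return db.execute(SELECT + " GROUP BY " + group_by + " ORDER BY 1, 2").fetchall()

# Grouping on the signature alone folds every source/destination pair into one
# row per signature; the IPs and timestamp shown come from an arbitrary row.
per_signature = run("signature.sig_id")
# Grouping on every non-aggregated column gives one row per distinct alert.
per_alert = run("signature.sig_id, ip_src, ip_dst, signature.sig_name, event.timestamp")

if __name__ == "__main__":
    for row in per_alert:
        print(row)
```

Signature 504 shows up once with a count of 6 under the coarse grouping and as two rows (4 and 2) under the full grouping, which keeps distinct source hosts from being merged into one alert line.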