
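I am new to Splunk and am creating a dashboard to show the top non-compliant items. For the data below, I want to show the top non-compliant controls (sample output is also given below).

Can anyone let me know how I can write a search query?

Thanks in advance.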

Event_ID: abc1
Compliance_result: Non-Compliant
Eval_results: {
    required_tags: {
        compliance: Compliant 
        }
    encryption_enabled:{
        compliance: Non-Compliant
        }
    public_access:{
        compliance: Compliant
        }
    policy_enabled:{
        compliance: Compliant
        }
}


Event_ID: abc2
Compliance_result: Non-Compliant
Eval_results: {
    required_tags: {
        compliance: Compliant 
        }
    encryption_enabled:{
        compliance: Non-Compliant
        }
    public_access:{
        compliance: Non-Compliant
        }
    policy_enabled:{
        compliance: Compliant
        }
}

To generate a table in the following format:

Top Non Compliance controls:

public_access - 2

encryption_enabled - 1

0 Answers
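One way to build the table asked for above, as an added example that is not part of the original post: the two events from the question are re-created as constructed JSON with `makeresults`, and the search counts, per control, the events whose `compliance` value is `Non-Compliant`. It assumes the real events are JSON in which each control sits at `Eval_results.<control>.compliance`; the field names `n`, `control`, `result`, `control_name` and `non_compliant_events` are made up for this example.

```spl
| makeresults count=2
| streamstats count AS n
| eval _raw=case(
    n=1, "{\"Event_ID\":\"abc1\",\"Compliance_result\":\"Non-Compliant\",\"Eval_results\":{\"required_tags\":{\"compliance\":\"Compliant\"},\"encryption_enabled\":{\"compliance\":\"Non-Compliant\"},\"public_access\":{\"compliance\":\"Compliant\"},\"policy_enabled\":{\"compliance\":\"Compliant\"}}}",
    n=2, "{\"Event_ID\":\"abc2\",\"Compliance_result\":\"Non-Compliant\",\"Eval_results\":{\"required_tags\":{\"compliance\":\"Compliant\"},\"encryption_enabled\":{\"compliance\":\"Non-Compliant\"},\"public_access\":{\"compliance\":\"Non-Compliant\"},\"policy_enabled\":{\"compliance\":\"Compliant\"}}}")
| spath
| table Event_ID Eval_results.*.compliance
| untable Event_ID control result
| where result="Non-Compliant"
| rex field=control "^Eval_results\.(?<control_name>[^.]+)\.compliance$"
| stats count AS non_compliant_events BY control_name
| sort - non_compliant_events
```

On indexed data, replace everything up to and including `spath` with the base search for the events (keep `spath` if the JSON fields are not extracted automatically). Because `untable` turns each `Eval_results.*.compliance` column into its own row, controls added later are counted without changing the search.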