2016-02-05 32 views
0

I want a query that groups all the identical rows together and adds an extra column to my output with the total for each unique combination, similar to the output below. How do I return a summary query that looks like this?

sig_id ip_src  ip_dst   sig_name          timestamp 
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 
504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 


503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 

I would like my output to look like this:

sig_id ip_src  ip_dst   sig_name          timestamp   num 
    504  192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56 4 

sig_id ip_src  ip_dst   sig_name          timestamp                num 
503 192.168.1.3 63.243.90.10 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47 4 

Here is the query I have already tried, but it is completely wrong:

select 
    signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst), 
    signature.sig_name, event.timestamp, count(*) as num 
from 
    signature 
join 
    event on signature.sig_id = event.signature 
join 
    iphdr on event.sid = iphdr.sid 
group by 
    signature; 

It returns:

sig_id ip_src  ip_dst   sig_name          timestamp                num 
    501 192.168.0.1 192.168.0.103 DNS SPOOF query response with TTL of 1 min. and no authority 2010-08-23 21:43:37         5236 
    502 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB newpost.php access 2010-08-23 21:45:39             238 
    503 192.168.0.1 192.168.0.103 ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:47:12 1428 
    504 192.168.0.1 192.168.0.103 COMMUNITY WEB-PHP DeluxeBB forums.php access 2010-08-23 21:47:56             119 
    505 192.168.0.1 192.168.0.103 MS-SQL version overflow attempt 2003-09-05 06:14:33                 2261 
    506 192.168.0.1 192.168.0.103 NETBIOS SMB repeated logon failure 2003-09-06 14:11:57                4879 
+0

Where is the query you are working on? What have you tried? – gitsitgo

+0

@gitsitgo added it lol.. it's terrible hahahah – BuzzLightYear

+0

Better than nothing ;). Show us that you have actually tried something. Glad you got your answer! – gitsitgo

Answer

0

Try this...

select signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst), 
    signature.sig_name, event.timestamp, count(*) as num 
from 
    signature 
join 
    event on signature.sig_id = event.signature 
join 
    iphdr on event.sid = iphdr.sid 
group by 
    -- every non-aggregated column of the select list must appear here
    signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst), 
    signature.sig_name, event.timestamp;

In general, when you use an aggregate function like count, you need to group by every other column in the select list.
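As an added, self-contained illustration (not code from the question or the answer), the following MySQL script rebuilds a small version of the three tables, loads constructed alert rows that mirror the question's data, and runs the grouped summary. The table layout is an assumption: it follows the Snort/BASE schema the column names suggest, where event and iphdr are both keyed by the sensor id sid plus the per-event id cid. The sample rows, the table aliases and the HAVING filter are assumptions as well.

```sql
-- Added example, not part of the original question or answer.
-- Assumed Snort/BASE-style layout: event and iphdr are keyed by (sid, cid).

DROP TABLE IF EXISTS signature, event, iphdr;

CREATE TABLE signature (
    sig_id   INT UNSIGNED NOT NULL PRIMARY KEY,
    sig_name VARCHAR(255) NOT NULL
);

CREATE TABLE event (
    sid       INT UNSIGNED NOT NULL,
    cid       INT UNSIGNED NOT NULL,
    signature INT UNSIGNED NOT NULL,
    timestamp DATETIME     NOT NULL,
    PRIMARY KEY (sid, cid)
);

CREATE TABLE iphdr (
    sid    INT UNSIGNED NOT NULL,
    cid    INT UNSIGNED NOT NULL,
    ip_src INT UNSIGNED NOT NULL,  -- IPv4 stored as an integer, as INET_NTOA() expects
    ip_dst INT UNSIGNED NOT NULL,
    PRIMARY KEY (sid, cid)
);

-- Constructed sample data: four identical alerts for signature 504 and
-- four identical alerts for signature 503, like the tables in the question.
INSERT INTO signature VALUES
    (503, 'ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited'),
    (504, 'COMMUNITY WEB-PHP DeluxeBB forums.php access');

INSERT INTO event VALUES
    (1, 1, 504, '2010-08-23 21:47:56'),
    (1, 2, 504, '2010-08-23 21:47:56'),
    (1, 3, 504, '2010-08-23 21:47:56'),
    (1, 4, 504, '2010-08-23 21:47:56'),
    (1, 5, 503, '2010-08-23 21:51:47'),
    (1, 6, 503, '2010-08-23 21:51:47'),
    (1, 7, 503, '2010-08-23 21:51:47'),
    (1, 8, 503, '2010-08-23 21:51:47');

INSERT INTO iphdr VALUES
    (1, 1, INET_ATON('192.168.0.1'), INET_ATON('192.168.0.103')),
    (1, 2, INET_ATON('192.168.0.1'), INET_ATON('192.168.0.103')),
    (1, 3, INET_ATON('192.168.0.1'), INET_ATON('192.168.0.103')),
    (1, 4, INET_ATON('192.168.0.1'), INET_ATON('192.168.0.103')),
    (1, 5, INET_ATON('192.168.1.3'), INET_ATON('63.243.90.10')),
    (1, 6, INET_ATON('192.168.1.3'), INET_ATON('63.243.90.10')),
    (1, 7, INET_ATON('192.168.1.3'), INET_ATON('63.243.90.10')),
    (1, 8, INET_ATON('192.168.1.3'), INET_ATON('63.243.90.10'));

-- The grouped summary. Every non-aggregated column of the SELECT list is
-- repeated in GROUP BY, so each distinct (sig_id, src, dst, name, timestamp)
-- combination becomes one row and `num` is how many alerts collapsed into it.
-- Under MySQL's default ONLY_FULL_GROUP_BY mode (5.7 and later) a GROUP BY
-- that omits one of those columns is rejected instead of silently picking
-- an arbitrary row, which is the error behind "group by signature".
SELECT
    s.sig_id,
    INET_NTOA(i.ip_src) AS ip_src,
    INET_NTOA(i.ip_dst) AS ip_dst,
    s.sig_name,
    e.timestamp,
    COUNT(*)            AS num
FROM signature AS s
JOIN event  AS e ON e.signature = s.sig_id
JOIN iphdr  AS i ON i.sid = e.sid AND i.cid = e.cid  -- join on the full key
GROUP BY
    s.sig_id, i.ip_src, i.ip_dst, s.sig_name, e.timestamp
HAVING COUNT(*) > 1          -- optional: keep only alerts that repeated
ORDER BY num DESC, s.sig_id;
```

Two design points worth noting. Grouping by the raw integer columns i.ip_src and i.ip_dst is equivalent to grouping by their INET_NTOA() text and avoids converting every row before the grouping step. The join condition includes cid because, in the assumed schema, joining iphdr on sid alone would pair every event from a sensor with every IP header from that sensor and inflate the counts; if your tables have no cid column, drop that part of the condition.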