Notice
Recent Posts
Recent Comments
Link
후니의 IT인프라 사전
[WAF] insight 로그 모음 본문
- 국가 기반, ip 기반 WAF rate-limit blockcount 조회 쿼리
fields @timestamp, @message
| filter @message like /Rate-Limit/ and @message like /BLOCK/
| parse @message '"terminatingRuleId":"*"' as ruleId
| parse @message '"clientIp":"*"' as clientIp
| parse @message '"country":"*"' as country
| stats count(*) as blockCount by clientIp, country
| sort blockCount desc
| limit 100