SPL Performance improvement: Kubernetes AWS detect suspicious kubectl calls

Question

SPL Performance improvement: Kubernetes AWS detect suspicious kubectl calls

bowesmana opened this issue 2 years ago · comments

The table statement is redundant. Should be

`aws_cloudwatchlogs_eks` userAgent=kubectl* sourceIPs{}!=127.0.0.1 sourceIPs{}!=::1 src_user=system:anonymous  
| stats  count by src_ip src_user verb userAgent requestURI 
|`kubernetes_aws_detect_suspicious_kubectl_calls_filter`

Bhavin Patel · Answer 1 · Sat Nov 12 2022 03:53:36 GMT+0800 (China Standard Time)

Thank you! PR for the fix: #2454