SPL Performance improvement: Kubernetes AWS detect suspicious kubectl calls
bowesmana opened this issue
bowesmana commented
The table statement is redundant. Should be
```
`aws_cloudwatchlogs_eks` userAgent=kubectl* sourceIPs{}!=127.0.0.1 sourceIPs{}!=::1 src_user=system:anonymous
| stats count by src_ip src_user verb userAgent requestURI
| `kubernetes_aws_detect_suspicious_kubectl_calls_filter`
```
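Added example, not part of the original issue or the project's code: a Python model of the search above run over constructed, already field-extracted EKS audit events, showing that a `table` projection before `stats count by` returns the same rows as `stats` alone. Assumptions: the helper names, the sample events, a `table` that lists the same fields as the `by` clause, and a simplified loopback test that drops an event if any source IP is loopback.

```python
from collections import Counter

BY_FIELDS = ("src_ip", "src_user", "verb", "userAgent", "requestURI")
LOOPBACK = {"127.0.0.1", "::1"}
KUBECTL = "kubectl/v1.27.3 (linux/amd64)"  # constructed user agent string

def ev(ip, user, verb, uri, ua=KUBECTL):
    """Build one constructed audit event; extra fields mimic unneeded payload."""
    e = {"sourceIPs": [ip], "src_ip": ip, "src_user": user, "verb": verb,
         "userAgent": ua, "stage": "ResponseComplete", "auditID": "constructed"}
    if uri is not None:
        e["requestURI"] = uri
    return e

# Constructed sample data, not real log lines.
EVENTS = [
    ev("203.0.113.7", "system:anonymous", "get", "/api/v1/pods"),
    ev("203.0.113.7", "system:anonymous", "get", "/api/v1/pods"),
    ev("198.51.100.20", "system:anonymous", "list", "/api/v1/secrets"),
    ev("127.0.0.1", "system:anonymous", "get", "/healthz"),          # loopback
    ev("203.0.113.7", "admin", "get", "/api/v1/pods"),               # authenticated
    ev("203.0.113.7", "system:anonymous", "get", "/version", ua="kube-probe/1.27"),
    ev("203.0.113.9", "system:anonymous", "get", None),              # no requestURI
]

def base_search(events):
    """Filter terms: kubectl user agent, non-loopback source, anonymous user."""
    for e in events:
        ips = set(e.get("sourceIPs") or [])
        if (e.get("userAgent", "").startswith("kubectl") and ips
                and not (ips & LOOPBACK) and e.get("src_user") == "system:anonymous"):
            yield e

def table(events, fields):
    """Model of `| table`: keep only the listed fields on every event."""
    return ({f: e.get(f) for f in fields} for e in events)

def stats_count_by(events, fields):
    """Model of `| stats count by`: events missing any by-field are dropped."""
    counts = Counter(tuple(e.get(f) for f in fields) for e in events)
    return {k: n for k, n in counts.items() if None not in k}

def with_table(events=EVENTS):
    return stats_count_by(table(base_search(events), BY_FIELDS), BY_FIELDS)

def without_table(events=EVENTS):
    return stats_count_by(base_search(events), BY_FIELDS)

if __name__ == "__main__":
    for row, n in sorted(without_table().items()):
        print(n, *row)
```
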
Bhavin Patel commented
Thank you! PR for the fix: #2454