1. Home
    2. Security Operations
    3. Cortex XDR
    4. Cortex XDR™ XQL Language Reference
    5. Stages Commands Reference
    6. Comp
    7. count

    count

    Cortex XDR XQL comp count_distinct aggregate counts the number of total values seen for the field in the result set.

    Synopsis

    comp count(<
    field
    >) [as <
    alias
    >] by <
    field_1
    >,<
    field_2
    >

    Description

    The
    count
     aggregation is a comp function that returns a count of the number of values found for a field, for all records that contain matching values for the fields identified in the
    by
     clause.
    Use count_distinct to retrieve the number of unique values in the result set.

    Examples

    Return a count of all values seen for the
    actor_process_image_path
     field for all records that have matching values for their
    actor_process_image_path
     and
    actor_process_command_line
     values: 
    dataset = xdr_data 
| fields actor_process_image_path as Process_Path,
         actor_process_command_line as Process_CMD,
         action_total_download as Download 
| filter Download > 0 
| comp count(Process_Path) as num_process_path by process_path, process_cmd 
| sort desc process_path

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo