(not services.truncated: true and services.service_name: {ATG, BACNET, CITRIX, CODESYS, DIGI, DNP3, EIP, FINS, FOX, GE_SRTP, IEC61850_5_104, MODBUS, PCWORX, PRO_CON_OS, S7, WDRPC}) and location.city=`Istanbul` - Host Search

Report on Hosts

This tool allows you to generate a report on the breakdown of a value present on the Hosts returned by your query. For example, to generate a report on ports seen on Hosts with HTTP services, you could query for services.service_name: HTTP and then generate a report on the breakdown of the field services.port

Report for Hosts

services.service_name	services
HTTP	10,517	47.69%
MODBUS	3,147	14.27%
IEC60870_5_104	1,260	5.71%
UNKNOWN	1,179	5.35%
CODESYS	930	4.22%
DNP3	548	2.48%
S7	547	2.48%
IKE	519	2.35%
SSH	517	2.34%
L2TP	336	1.52%
FTP	285	1.29%
VNC	264	1.2%
PORTMAP	222	1.01%
TELNET	208	0.94%
SMTP	186	0.84%
EIP	159	0.72%
NTP	141	0.64%
DCERPC	114	0.52%
RDP	99	0.45%
CHARGEN	97	0.44%
DAYTIME	97	0.44%
SMB	95	0.43%
WINRM	95	0.43%
DNS	60	0.27%
HIKVISION	60	0.27%
RTSP	56	0.25%
SNMP	52	0.24%
FOX	46	0.21%
PPTP	28	0.13%
OPENVPN	23	0.1%
NETBIOS	22	0.1%
PCWORX	19	0.09%
TFTP	11	0.05%
CWMP	10	0.05%
BACNET	8	0.04%
MSSQL	8	0.04%
OPC_UA	8	0.04%
ATG	6	0.03%
MSMQ	6	0.03%
MYSQL	6	0.03%
DIGI	5	0.02%
ECHO	5	0.02%
FINS	4	0.02%
FORTIGUARD	3	0.01%
IPMI	3	0.01%
MMS	3	0.01%
NMEA	3	0.01%
SIP	3	0.01%
ICAP	2	0.01%
IMAP	2	0.01%
Remaining Results	29	0.13%
Total	22,053	100.0%

JSON Report

{
  "query": "(not services.truncated: true and services.service_name: {ATG, BACNET, CITRIX, CODESYS, DIGI, DNP3, EIP, FINS, FOX, GE_SRTP, IEC61850_5_104, MODBUS, PCWORX, PRO_CON_OS, S7, WDRPC}) and location.city=`Istanbul`",
  "field": "services.service_name",
  "total": 22053,
  "duration": 71,
  "total_omitted": 29,
  "potential_deviation": 0,
  "buckets": [
    {
      "key": "HTTP",
      "count": 10517
    },
    {
      "key": "MODBUS",
      "count": 3147
    },
    {
      "key": "IEC60870_5_104",
      "count": 1260
    },
    {
      "key": "UNKNOWN",
      "count": 1179
    },
    {
      "key": "CODESYS",
      "count": 930
    },
    {
      "key": "DNP3",
      "count": 548
    },
    {
      "key": "S7",
      "count": 547
    },
    {
      "key": "IKE",
      "count": 519
    },
    {
      "key": "SSH",
      "count": 517
    },
    {
      "key": "L2TP",
      "count": 336
    },
    {
      "key": "FTP",
      "count": 285
    },
    {
      "key": "VNC",
      "count": 264
    },
    {
      "key": "PORTMAP",
      "count": 222
    },
    {
      "key": "TELNET",
      "count": 208
    },
    {
      "key": "SMTP",
      "count": 186
    },
    {
      "key": "EIP",
      "count": 159
    },
    {
      "key": "NTP",
      "count": 141
    },
    {
      "key": "DCERPC",
      "count": 114
    },
    {
      "key": "RDP",
      "count": 99
    },
    {
      "key": "CHARGEN",
      "count": 97
    },
    {
      "key": "DAYTIME",
      "count": 97
    },
    {
      "key": "SMB",
      "count": 95
    },
    {
      "key": "WINRM",
      "count": 95
    },
    {
      "key": "DNS",
      "count": 60
    },
    {
      "key": "HIKVISION",
      "count": 60
    },
    {
      "key": "RTSP",
      "count": 56
    },
    {
      "key": "SNMP",
      "count": 52
    },
    {
      "key": "FOX",
      "count": 46
    },
    {
      "key": "PPTP",
      "count": 28
    },
    {
      "key": "OPENVPN",
      "count": 23
    },
    {
      "key": "NETBIOS",
      "count": 22
    },
    {
      "key": "PCWORX",
      "count": 19
    },
    {
      "key": "TFTP",
      "count": 11
    },
    {
      "key": "CWMP",
      "count": 10
    },
    {
      "key": "BACNET",
      "count": 8
    },
    {
      "key": "MSSQL",
      "count": 8
    },
    {
      "key": "OPC_UA",
      "count": 8
    },
    {
      "key": "ATG",
      "count": 6
    },
    {
      "key": "MSMQ",
      "count": 6
    },
    {
      "key": "MYSQL",
      "count": 6
    },
    {
      "key": "DIGI",
      "count": 5
    },
    {
      "key": "ECHO",
      "count": 5
    },
    {
      "key": "FINS",
      "count": 4
    },
    {
      "key": "FORTIGUARD",
      "count": 3
    },
    {
      "key": "IPMI",
      "count": 3
    },
    {
      "key": "MMS",
      "count": 3
    },
    {
      "key": "NMEA",
      "count": 3
    },
    {
      "key": "SIP",
      "count": 3
    },
    {
      "key": "ICAP",
      "count": 2
    },
    {
      "key": "IMAP",
      "count": 2
    }
  ]
}