如何返回一个总结类似外观的查询?

时间:2016-02-05 16:22:04

标签: sql group-by

我想要一个查询,它会对所有相同的列进行分组,并在输出中有一个额外的列,每个唯一的总数与下面的输出类似?

1.., 2.., 10.., 11.., 12.., 13.., 14.., 15.., 3.., 4.., 5.., undefined!

我希望我的输出是这样的:

sig_id  ip_src       ip_dst         sig_name                                        timestamp
504    192.168.0.1  192.168.0.103   COMMUNITY WEB-PHP DeluxeBB forums.php access    2010-08-23 21:47:56
504    192.168.0.1  192.168.0.103   COMMUNITY WEB-PHP DeluxeBB forums.php access    2010-08-23 21:47:56
504    192.168.0.1  192.168.0.103   COMMUNITY WEB-PHP DeluxeBB forums.php access    2010-08-23 21:47:56
504    192.168.0.1  192.168.0.103   COMMUNITY WEB-PHP DeluxeBB forums.php access    2010-08-23 21:47:56


503    192.168.1.3  63.243.90.10    ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47
503    192.168.1.3  63.243.90.10    ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47
503    192.168.1.3  63.243.90.10    ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47
503    192.168.1.3  63.243.90.10    ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47

以下是我尝试的查询,但这是完全错误的:

  sig_id  ip_src       ip_dst         sig_name                                        timestamp          num
  504     192.168.0.1  192.168.0.103  COMMUNITY WEB-PHP DeluxeBB forums.php access  2010-08-23 21:47:56   4

sig_id  ip_src       ip_dst         sig_name                                        timestamp                                                             num
503    192.168.1.3  63.243.90.10    ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 2010-08-23 21:51:47    4

返回

select 
    signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst), 
    signature.sig_name, event.timestamp, count(*) as num
from 
    signature
join 
    event on signature.sig_id = event.signature
join 
    iphdr on event.sid = iphdr.sid
group by 
    signature;

1 个答案:

答案 0 :(得分:0)

试试这个...... 

select signature.sig_id, inet_ntoa(ip_src), inet_ntoa(ip_dst), 
signature.sig_name, event.timestamp, count(*) as num
from 
   signature
join 
   event on signature.sig_id = event.signature
join 
    iphdr on event.sid = iphdr.sid
group by signature.sig_id, inet_ntoa, inet_ntoa, 
   signature.sig_name, event.timestamp

通常,在执行像' count'这样的聚合函数时,需要选择列表中其他列的组。

相关问题
最新问题