SQL Query [Count the result of a query]

Stack Overflow Asked by abdelhalim on February 3, 2021

I am trying to send an SQL query in Elasticsearch, and I am not getting the result expected.
I wanna display the number of users that has more than 10 failed authentication, so I am using this query:

SELECT COUNT(*) as result_count 
FROM (
SELECT user.name, COUNT(*) as result 
FROM "winlogbeat-*"  
WHERE event.category = 'authentication'  
AND event.action = 'logon-failed'
GROUP BY user.name
HAVING result > 10
)

I am getting a result like that:

|result_count|
|:----------:|
|     29     |
|     78     |
|     13     |
|------------|

The expected result that I am waiting is:

Could you please help me to understand what I am doing wrong to get this unexpected result !

Thanks 🙂

elasticsearch mysql sql

Add your own answers!

Ask a Question

Get help from others!

Recent Answers

Lex on Does Google Analytics track 404 page responses as valid page views?
Peter Machado on Why fry rice before boiling?
Jon Church on Why fry rice before boiling?
Joshua Engel on Why fry rice before boiling?
haakon.io on Why fry rice before boiling?