This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
aur31ius1
Absent Member.
Absent Member.
‎2015-07-24 20:31
335 views

I cant get a Query to work right. Arcsight says my syntax is wrong

SELECT events.arc_deviceAction

events.COUNT(DISTINCT events.arc_deviceAction) attempts

FROM events

WHERE events.arc_deviceVendor = Snort

AND events.arc_deviceVendor = CISCO

AND events.arc_deviceVendor = Mcafee

AND events.arc_deviceVendor = Juniper

GROUP BY events.arc_deviceAction

Labels (1)
Labels
Tags (2)
0 Likes
Reply
Report Inappropriate Content
2 Replies
mmaul
Absent Member.
Absent Member.
‎2015-07-24 21:45

SELECT events.arc_deviceAction,

COUNT(DISTINCT events.arc_deviceAction)  attempts

FROM events

WHERE events.arc_deviceVendor = 'Snort'

AND events.arc_deviceVendor = 'CISCO'

AND events.arc_deviceVendor = 'Mcafee'

AND events.arc_deviceVendor = 'Juniper'

GROUP BY events.arc_deviceAction

0 Likes
Reply
Report Inappropriate Content
rhope
Fleet Admiral
Fleet Admiral
‎2015-07-25 03:07

You've fixed the syntax error, but not the logic error, it should be OR and not and for the arc_deviceVendor (the events will only have one vendor). I'm also guessing that the DISTINCT isn't actually what the OP wants, the query will just return each deviceAction with a count of 1.

SELECT events.arc_deviceAction,

COUNT(events.arc_deviceAction)  attempts

FROM events

WHERE (events.arc_deviceVendor = 'Snort'

OR events.arc_deviceVendor = 'CISCO'

OR events.arc_deviceVendor = 'Mcafee'

OR events.arc_deviceVendor = 'Juniper')

GROUP BY events.arc_deviceAction

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.