count

Synopsis

count hits for a query without exporting data

parameters:
  [-h | -? | --help]                 prints the help text
  [--disable-taxonomies]             don't substitute taxonomy identifiers
  [-e | --estimate]                  estimate an upper bound by skipping candidate checks

Documentation

The count command counts the number of events that a given query expression yields. For example:

vast count ':addr in 192.168.0.0/16'

This prints the number of events in the database that have an address field in the subnet 192.168.0.0/16.

An optional --estimate flag skips the candidate checks, i.e., asks only the index and does not verify the hits against the database. This is a faster operation and useful when an upper bound suffices.

Synopsis#

Documentation#

Synopsis

Documentation