I have results that look like the following:
dest_ip, dest_port, protocol, cve_id, score
192.168.1.1, 80, tcp, 2009-1234, 8.5
192.168.1.1, 80, tcp, 2007-6543, 9
192.168.1.1, 80, tcp, 2004-8435, 6
If I want to return the result for each dest_ip/dest_port combination that has the highest score, how do I do that? I've tried using sort and dedup to sort the fields by score (descending) and then dedup the results, but it isn't working.
Any help would be appreciated.
Thx.
Craig
I figured it out:
dedup dest_ip,dest_port sortby -score
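
To try the dedup above on the sample rows, this search (an added example, not part of the original post) builds the three rows from the question plus three constructed ones: a score of 10 on port 80 and two rows on port 443, with placeholder cve_id values 0000-0001 to 0000-0003. The field names constructed_rows, max_score and is_highest are made up for the example. is_highest checks the row dedup kept against a per-group maximum computed separately by eventstats, and num() requests a numeric sort.

```spl
| makeresults
| eval constructed_rows="192.168.1.1,80,tcp,2009-1234,8.5;192.168.1.1,80,tcp,2007-6543,9;192.168.1.1,80,tcp,2004-8435,6;192.168.1.1,80,tcp,0000-0001,10;192.168.1.1,443,tcp,0000-0002,7.2;192.168.1.1,443,tcp,0000-0003,4"
| makemv delim=";" constructed_rows
| mvexpand constructed_rows
| rex field=constructed_rows "^(?<dest_ip>[^,]+),(?<dest_port>[^,]+),(?<protocol>[^,]+),(?<cve_id>[^,]+),(?<score>.+)$"
| eval score=tonumber(score)
| eventstats max(score) AS max_score BY dest_ip dest_port
| dedup dest_ip dest_port sortby -num(score)
| eval is_highest=if(score==max_score, "yes", "no")
| table dest_ip dest_port protocol cve_id score max_score is_highest
```

If is_highest shows no for any row on your own data, sort explicitly with sort 0 -num(score) ahead of a plain dedup dest_ip dest_port; the 0 lifts sort's default result limit.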