This query uses Zeek DNS logs to see which hosts on your network are making the most DNS requests. Although simple, it does a good job of demonstrating the ax, stats, and alias modules. here…
tag=zeekdns ax
| alias orig Host
| stats count by Host
| table Host count
