This query uses Zeek DNS logs to see which hosts on your network are making the most DNS requests. Although simple, it does a good job of demonstrating the ax, stats, and alias modules. hereā¦
tag=zeekdns ax
| alias orig Host
| stats count by Host
| table Host count