Hi, Greetings.
I am looking to perform an aggregated query as below.
I am looking for the total count of hits by endpoint.
I could execute this query in the SIEM query, but I am unable to execute it via the automation "Execute UDM Query".
Can you help me with how best to achieve the result via automation (Action/Script)?
metadata.vendor_name = "Akamai"
$endpoint = additional.fields["RequestHeader x-operationname"]
match:
  $endpoint
outcome:
  $deny_count = count($endpoint)