From 6af5c5b51b06c62110acc6e41809f096725786f1 Mon Sep 17 00:00:00 2001
From: rbowden-r7 <robert_bowden@rapid7.com>
Date: Fri, 10 Nov 2023 12:42:54 +0000
Subject: [PATCH] SOAR-15940-updating count to better reflect the total items
 matched

---
 .../actions/advanced_query_on_log_set/action.py                 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log_set/action.py b/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log_set/action.py
index f8ab86e746..6c66dbab6c 100755
--- a/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log_set/action.py
+++ b/plugins/rapid7_insightidr/komand_rapid7_insightidr/actions/advanced_query_on_log_set/action.py
@@ -57,7 +57,7 @@ def run(self, params={}):
         if not statistical:
             return {Output.RESULTS_EVENTS: log_entries, Output.COUNT: len(log_entries)}
         else:
-            return {Output.RESULTS_STATISTICAL: log_entries, Output.COUNT: len(log_entries)}
+            return {Output.RESULTS_STATISTICAL: log_entries, Output.COUNT: log_entries.get("search_stats", {}).get("events_matched", 0)}
 
     @staticmethod
     def parse_query_for_statistical(query: str) -> bool: