index=apache sourcetype=access_combined | chart count(eval(like(status,"2%"))) AS Success, count(eval(like(status,"4%") OR like(status,"5%"))) AS Error by status
# Report on status code description
index=apache source="/var/log/httpd/access_log" | timechart count by status_description useother=f
# Find Website Status Over time
index=apache sourcetype=access_combined | timechart count by status_type limit=10 usenull=f
# Reports on Webserver error 500.
index=apache sourcetype=access_combined status_type="Server Error" | table host status status_description method uri_path | rename host AS "Server Name" status AS "Status Code" status_description AS "Description" method AS "Method" uri_path AS "URL Path"
# Reports on Most used Web Browsers
index=apache source="/var/log/httpd/access_log" | dedup useragent | eval browser=useragent | replace *Firefox* with Firefox, *Chrome* with Chrome, *MSIE* with "Internet Explorer", *Version*Safari* with Safari, *Opera* with Opera, *rv:11.0* with "Internet Explorer" in browser | top limit=5 useother=t browser
# Reports on most used devices / platforms
index=apache source="/var/log/httpd/access_log" | dedup useragent | eval device=useragent | replace *Windows* with Windows, *Macintosh* with Apple, *Android* with Android, *iPhone* with iPhone, *iPad* with iPad in device | top limit=5 useother=t device
# Find Out Top 10 referencing websites
I guess there is some confusion with the headings given and the code above/below them. They are mismatching.
Are you missing the code for Top 10 referencing websites?