Apache High Level Visitor Info

The following query gives a breakdown on traffic by clientip. I run this over all time so I can get detailed information on first visit versus latest visit as you can see below.

This will return something like the following:

If you want to run this as a scheduled search, which I advise doing due to the lengthy historical search over all time, you can add an outputlookup to the end and search against that for near-instantaneous results:

Once this search runs you can access this by running the following:

Check out the difference in search run time. Barely more than a second versus more than 80 seconds! If you have a lot of users accessing this information you’ll want to do this as a scheduled search. Just be sure to change the permissions on the lookup file so intended users can access it.
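The scheduled-search pattern described above, sketched as a `savedsearches.conf` stanza. This is an added example, not the author's original query: the stanza name, `index=web`, the `access_combined` sourcetype, the output field names and the lookup file name `apache_visitor_info.csv` are all assumptions to adapt to your environment.

```ini
# savedsearches.conf (added example; stanza, index, sourcetype and lookup names are assumptions)
[Apache Visitor Info - Build Lookup]
# Search all time, once per night, so the expensive scan runs a single time
dispatch.earliest_time = 0
dispatch.latest_time = now
enableSched = 1
cron_schedule = 0 2 * * *
# Per-client summary: hits, traffic in MB, first and latest visit, written to a lookup
search = index=web sourcetype=access_combined \
| stats count AS hits sum(bytes) AS total_bytes min(_time) AS first_visit max(_time) AS last_visit BY clientip \
| eval total_mb=round(total_bytes/1048576,2) \
| convert ctime(first_visit) ctime(last_visit) \
| fields clientip hits total_mb first_visit last_visit \
| outputlookup apache_visitor_info.csv

# Users then read the precomputed table instead of scanning raw events:
#   | inputlookup apache_visitor_info.csv | sort - hits
```

Because the lookup is overwritten on every run, its contents are only as fresh as the last scheduled execution.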



  1. YiHu

     `stats count as 访问次数 sum(bytes) as t1 first(Country) as 国家 by clientip | eval 流量=round(t1/1048576,2)`

     I suggest that the bytes be calculated separately, which is more accurate. Thank you again.
