sourcetype=postfix_syslog host=insertHostnameHere status=sent | timechart span=1d count
Total number of sent emails per day. I use it for Linux servers that run the Postfix MTA.
Number of unique visitors per hour (timechart)
host=insertHostnameHere sourcetype=access_combined | timechart span=1h dc(sourceIP)
If you have a field extraction for the visitor IPs, in this example named 'sourceIP', this simple query will list the number of unique visitors per hour.
Worldmap with unique visitors last 24 hours
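sourcetype=access_combined earliest=-24h | iplocation sourceIP | stats dc(sourceIP) by Country | geom geo_countries featureIdField="Country"
Note that 'sourceIP' is the name of the IP field. You may already have another field name for that extraction. The earliest=-24h time modifier goes in the base search, before the first pipe, and the quotes around Country must be plain straight quotes. Tested on Splunk Light.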