|
1 |
host=insertHostnameHere sourcetype=access_combined | timechart span=1h dc(sourceIP) |
If you have Fieldextraction for the visitor IP’s, in this example named ‘sourceIP’, this simple query will list the number of unique visitors per hour
|
1 |
sourcetype=access_combined | iplocation sourceIP | stats dc(sourceIP) by Country | geom geo_countries featureIdField="Country" earliest=-24h |
Note that ‘sourceIP’ is the name for the IP field. You may already have another fieldname for that extraction. Tested on Splunk Light.
|
1 |
index=apache sourcetype=access_combined | chart count(eval(like(status,"2%"))) AS Success, count(eval(like(status,"4%") OR like(status,"5%"))) AS Error by status |
###this query is to report on status code description#####
|
1 |
index=apache source="/var/log/httpd/access_log" | timechart count by status_description useother=f |
# Find Website Status Over time
|
1 |
index=apache sourcetype=access_combined| timechart count by status_type limit=10 usenull=f |
# Reports on Webserver error 500.
|
1 |
index=apache sourcetype=access_combined status_type="Server Error" | table host status status_description method uri_path | rename host AS "Server Name" status AS "Status Code" status_description AS "Description" method AS "Method" uri_path AS "URL Path" |
# Reports on Most used Web Browsers
|
1 |
index=apache source="/var/log/httpd/access_log" | dedup useragent | eval browser=useragent | replace *Firefox* with Firefox, *Chrome* with Chrome, *MSIE* with "Internet Explorer", *Version*Safari* with Safari, *Opera* with Opera, *rv:11.0* with "Internet Explorer" in browser| top limit=5 useother=t browser |
# Reports on most used devices / platforms
|
1 |
index=apache source="/var/log/httpd/access_log" | dedup useragent| eval device=useragent |replace *Windows* with Windows, *Macintosh* with Apple, *Android* with Android, *iPhone* with iPhone, *iPad* with iPad in device | top limit=5 useother=t device |
Find Out Top 10 referencing websites
