The following Splunk search extracts the WordPress version from your Apache Web Logs. For fun I also did a time chart using a 100% stacked bar chart to show, by month, each version of WordPress used. This was actually a pretty neat display of colors to show the upgrade path of WordPress over the years! I […]
Utilizing tstats for Page Views within Apache Web Logs
Here’s a Splunk query to show a timechart of page views from a website running on Apache. Due to the search utilizing tstats, the query will return results incredibly fast over a very LONG period of time if desired. Change the index to reflect yours, as well as the span to reflect a span you […]
Nr. of unique visitors per hour timechart
host=insertHostnameHere sourcetype=access_combined | timechart span=1h dc(sourceIP)
If you have a field extraction for the visitor IPs, in this example named ‘sourceIP’, this simple query will list the number of unique visitors per hour.
Worldmap with unique visitors last 24 hours
sourcetype=access_combined earliest=-24h | iplocation sourceIP | stats dc(sourceIP) by Country | geom geo_countries featureIdField="Country"
Note that ‘sourceIP’ is the name of the IP field. You may already have another field name for that extraction. Tested on Splunk Light.
Apache access_logs status code reporting
index=apache sourcetype=access_combined | chart count(eval(like(status,"2%"))) AS Success, count(eval(like(status,"4%") OR like(status,"5%"))) AS Error by status
# This query reports on status code descriptions
index=apache source="/var/log/httpd/access_log" | timechart count by status_description useother=f
# Find Website Status Over time
index=apache sourcetype=access_combined | timechart count by status_type limit=10 usenull=f
# Reports on Webserver error 500.
index=apache sourcetype=access_combined status_type="Server Error" | table host status status_description method uri_path | rename host AS "Server Name" status AS "Status Code" status_description AS "Description" method AS "Method" uri_path AS "URL Path"
# Reports on Most used Web Browsers
index=apache source="/var/log/httpd/access_log" | dedup useragent | eval browser=useragent | replace *Firefox* with Firefox, *Chrome* with Chrome, *MSIE* with "Internet Explorer", *Version*Safari* with Safari, *Opera* with Opera, *rv:11.0* with "Internet Explorer" in browser | top limit=5 useother=t browser
# Reports on most used devices / platforms
index=apache source="/var/log/httpd/access_log" | dedup useragent | eval device=useragent | replace *Windows* with Windows, *Macintosh* with Apple, *Android* with Android, *iPhone* with iPhone, *iPad* with iPad in device | top limit=5 useother=t device
Find Out Top 10 referencing websites