SPL
Apache access_logs status code reporting
Description
index=apache sourcetype=access_combined | chart count(eval(like(status,"2%"))) AS Success, count(eval(like(status,"4%") OR like(status,"5%"))) AS Error by status

# This query reports on status code description
index=apache source="/var/log/httpd/access_log" | timechart count by status_description useother=f

# Find Website Status Over time
index=apache sourcetype=access_combined | timechart count by status_type limit=10 usenull=f

# Reports on Webserver error 500.
index=apache sourcetype=access_combined status_type="Server Error" | table host status status_description method uri_path | rename host AS "Server Name" status AS "Status Code" status_description AS "Description" method AS "Method" uri_path AS "URL Path"

# Reports on Most used Web Browsers
index=apache source="/var/log/httpd/access_log" | dedup useragent | eval browser=useragent | replace *Firefox* with Firefox, *Chrome* with Chrome, *MSIE* with "Internet Explorer", *Version*Safari* with Safari, *Opera* with Opera, *rv:11.0* with "Internet Explorer" in browser | top limit=5 useother=t browser

# Reports on most used devices / platforms
index=apache source="/var/log/httpd/access_log" | dedup useragent | eval device=useragent | replace *Windows* with Windows, *Macintosh* with Apple, *Android* with Android, *iPhone* with iPhone, *iPad* with iPad in device | top limit=5 useother=t device

# Find Out Top 10 referencing websites
Comments
2 total
I guess there is some confusion with the headings given and the code above/below them. They are mismatching.
Are you missing the code for Top 10 referencing websites?