SPL
Splunk SPL: Top Apache Endpoints by Bytes (Daily)
Description
Identify the heaviest Apache endpoints by bandwidth so you can optimize or cache high-cost paths.
What This Splunk Query Does
Aggregates total bytes per endpoint and returns the top 10 by volume.
Supported Sourcetypes
0 0
access_combinedWhen to Use This SPL
Use this to spot costly downloads, API hotspots, or misbehaving routes.
Splunk SPL Query
This Splunk query uses
as a placeholder. Replace it with your actual index name.index=*
index=* sourcetype=access_combined
| eval endpoint=coalesce(uri_path, uri, url, cs_uri_stem)
| eval bytes=coalesce(bytes, sc_bytes, 0)
| where isnotnull(endpoint)
| stats sum(bytes) as total_bytes by endpoint
| sort - total_bytes
| head 10Assumptions and Customization
Assumes bytes are in
bytessc_bytesby hostby uri_query
Comments
0 total
Be the first to comment on this SPL.
Leave a comment
You must log in to post a comment.