Direct and Referred Apache Web Traffic

The following query will show all traffic to an Apache web server that is direct, meaning no referring site.

sourcetype="access_combined" referer="-" | stats count

The following query will show all traffic that is NOT direct, meaning only referring sites.

sourcetype="access_combined" referer!="-" | stats count

The following query is the same as above, but with a timechart spanning 1 day.

sourcetype="access_combined" referer="-" | timechart span=1d count

The following Query is the same as the above timechart command, but shows a comparrison between referred traffic and direct traffic on the same graph.

sourcetype="access_combined"
| eval Direct=if(referer="-", "1", "0")
| eval Referred=if(referer!="-", "1", "0")
| timechart span=1d sum(Direct) as "Direct Traffic" sum(Referred) as "Referred Traffic"