Apache High Level Visitor Info

The following query gives a breakdown of traffic by clientip. I run this over all time so I can get detailed information on first visit versus latest visit, as you can see below.

This will return something like the following:

If you want to run this as a scheduled search, which I advise doing […]

Direct and Referred Apache Web Traffic

The following query will show all traffic to an Apache web server that is direct, meaning no referring site.

The following query will show all traffic that is NOT direct, meaning only referring sites.

The following query is the same as above, but with a timechart spanning 1 day.

The following query […]

Concurrent Users on Apache Web

I’ve been working through this query, and depending on the length of time you are looking back, you can use one of the following two methods.

Option 1 – Short time window (30 days or less): concurrent users for a span of 5 minutes.

Option 2 – Longer time window (Greater than 30 days, […]

Worldmap with unique visitors last 24 hours

Note that ‘sourceIP’ is the name for the IP field. You may already have another fieldname for that extraction. Tested on Splunk Light.

Apache access_logs status code reporting

# This query is to report on status code description

# Find Website Status Over time

# Reports on Webserver error 500.

# Reports on Most used Web Browsers

# Reports on most used devices / platforms

Find Out Top 10 referencing websites
