The following query gives a breakdown on traffic by clientip. I run this over all time so I can get detailed information on first visit versus latest visit as you can see below. sourcetype=access_combined (referer_domain!=”https://gosplunk.com” AND referer_domain!=”http://gosplunk.com”) | iplocation clientip | stats first(_time) as First_Visit latest(_time) as Last_Visit sum(eval(round(bytes/1024/1024,2))) as MB first(Country) as Country count […]
REST Call for a list of Lookup Files
Use this splunk search to get a list of all lookup files: | rest /services/data/transforms/lookups | table eai:acl.app eai:appName filename title fields_list updated id
