Description: The following Dashboard is what I use to monitor traffic to GoSplunk. It uses the built in sourcetype of access_combined. No additional add-on’s or TA’s are required. I replaced my index with index=* so it’ll work out of the box. You’ll want to change this to your index for best practices. *UPDATE – 2019/05/29* […]
Apache High Level Visitor Info
The following query gives a breakdown on traffic by clientip. I run this over all time so I can get detailed information on first visit versus latest visit as you can see below. sourcetype=access_combined (referer_domain!=”https://gosplunk.com” AND referer_domain!=”http://gosplunk.com”) | iplocation clientip | stats first(_time) as First_Visit latest(_time) as Last_Visit sum(eval(round(bytes/1024/1024,2))) as MB first(Country) as Country count […]
Simple GeoIP Information for Web Traffic
This simple query will show if IIS traffic came to a given site from three geographical possibilities: “United States” “International” or “Unknown” sources. This relies entirely on geoip lookup. You can change the country of “United States” to anything you desire for you own data set (just make the change in the eval section below!). […]
Weekday Web Traffic Summary in IIS
The following Splunk query will show a summary of all weekday activity for a given website in IIS. sourcetype=”iis” (NOT date_wday=saturday) (NOT date_wday=sunday)| stats count(JSESSIONID) as Value| eval Metric=”Total Hits on Weekdays”| append[ search sourcetype=”iis” (NOT date_wday=saturday) (NOT date_wday=sunday)| stats dc(JSESSIONID) as Value| eval Metric=”Total Visits on Weekdays”]| append[ search sourcetype=”iis” (NOT date_wday=saturday) (NOT date_wday=sunday) […]
Visits by Hour of the Day in IIS
The following Splunk query will list the total visits for each hour in a given time range. sourcetype=”iis” | top limit=24 date_hour | sort +date_hour | rename count as Visits | rename date_hour as “Hour of the Day”
Total Hits on Most Active Day in IIS
The following Splunk query will return the total number of hits on the most active day in a given time range within an IIS environment: sourcetype=”iis” | top limit=1 date_mday | rename count as Value| fieldformat Value=tostring(Value,”commas”) | eval Metric=”Number of hits on Most active date” | fields – date_mday, count, percent | fields Metric, […]
Total Hits on Least Active Day in IIS
The following Splunk Query will return the total number of hits to a web site on the least active day of a given time range: sourcetype=”iis” | rare limit=1 date_mday | rename count as Value | fieldformat Value=tostring(Value,”commas”)| eval Metric=”Number of hits on least active date” | fields – date_mday, count, percent | fields Metric, […]
Most Active Day and Least Active Day for IIS Web Traffic
The following Splunk query will return the most active and the least active days for web traffic in an IIS environment: sourcetype=”iis” | bucket span=1d _time | top limit=1 _time | eval Date=strftime(_time, “%m/%d/%Y”) | eval Metric=”Most Active Date” | append [ search sourcetype=”iis” | bucket span=1d _time | rare limit=1 _time | eval Date=strftime(_time, […]
Visits by Days of the Week in IIS
The following Splunk query will show the number of web visits for each weekday: sourcetype=”iis” | eval uppercase=upper(substr(date_wday,1,1)).substr(date_wday,2)|dedup JSESSIONID| top limit=7 uppercase | eval sort_field=case(uppercase==”Sunday”,1, uppercase==”Monday”,2, uppercase==”Tuesday”,3, uppercase==”Wednesday”,4, uppercase==”Thursday”,5, uppercase==”Friday”,6, uppercase==”Saturday”,7) | sort + sort_field | fields – sort_field |rename count as Visits | rename uppercase as “Day of the Week”
