This simple query will show if IIS traffic came to a given site from three geographical possibilities: “United States” “International” or “Unknown” sources. This relies entirely on geoip lookup. You can change the country of “United States” to anything you desire for you own data set (just make the change in the eval section below!). […]
Weekday Web Traffic Summary in IIS
The following Splunk query will show a summary of all weekday activity for a given website in IIS.
|
1 |
sourcetype="iis" (NOT date_wday=saturday) (NOT date_wday=sunday) | stats count(JSESSIONID) as Value | eval Metric="Total Hits on Weekdays" | append [search sourcetype="iis" (NOT date_wday=saturday) (NOT date_wday=sunday) | stats dc(JSESSIONID) as Value | eval Metric="Total Visits on Weekdays"] | append [search sourcetype="iis" (NOT date_wday=saturday) (NOT date_wday=sunday) JSESSIONID=* | stats dc(JSESSIONID) as count by date_wday | stats avg(count) as Value by date_wday | eval Value=round(Value) | top limit=1 Value | eval Metric = "Average Number of Visits per day on Weekdays"]| append [search sourcetype="iis" (NOT date_wday=saturday) (NOT date_wday=sunday) JSESSIONID=* | stats count(JSESSIONID) as count by date_wday | stats avg(count) as Value by date_wday | eval Value=round(Value) | top limit=1 Value | eval Metric = "Average Number of Hits per day on Weekdays"] | fieldformat Value=tostring(Value,"commas") | fields - count, percent |fields Metric, Value |
Visits by Hour of the Day in IIS
The following Splunk query will list the total visits for each hour in a given time range.
|
1 |
sourcetype="iis" | top limit=24 date_hour | sort +date_hour | rename count as Visits | rename date_hour as "Hour of the Day" |
Total Hits on Most Active Day in IIS
The following Splunk query will return the total number of hits on the most active day in a given time range within an IIS environment:
|
1 |
sourcetype="iis" | top limit=1 date_mday | rename count as Value| fieldformat Value=tostring(Value,"commas") | eval Metric="Number of hits on Most active date" | fields - date_mday, count, percent | fields Metric, Value |
Total Hits on Least Active Day in IIS
The following Splunk Query will return the total number of hits to a web site on the least active day of a given time range:
|
1 |
sourcetype="iis" | rare limit=1 date_mday | rename count as Value | fieldformat Value=tostring(Value,"commas")| eval Metric="Number of hits on least active date" | fields - date_mday, count, percent | fields Metric, Value |
Most Active Day and Least Active Day for IIS Web Traffic
The following Splunk query will return the most active and the least active days for web traffic in an IIS environment:
|
1 |
sourcetype="iis" | bucket span=1d _time |top limit=1 _time | eval Date=strftime(_time, "%m/%d/%Y") | eval Metric="Most Active Date" | append [search sourcetype="iis" | bucket span=1d _time |rare limit=1 _time | eval Date=strftime(_time, "%m/%d/%Y") | eval Metric="Least Active Date"] | fields - _time, count, percent | fields Metric, Date |
Visits by Days of the Week in IIS
The following Splunk query will show the number of web visits for each weekday:
|
1 |
sourcetype="iis" | eval uppercase=upper(substr(date_wday,1,1)).substr(date_wday,2)|dedup JSESSIONID| top limit=7 uppercase | eval sort_field=case(uppercase=="Sunday",1, uppercase=="Monday",2, uppercase=="Tuesday",3, uppercase=="Wednesday",4, uppercase=="Thursday",5, uppercase=="Friday",6, uppercase=="Saturday",7) | sort + sort_field | fields - sort_field |rename count as Visits | rename uppercase as "Day of the Week" |
