Utilizing tstats for Page Views within Apache Web Logs

Here’s a Splunk query to show a timechart of page views from a website running on Apache. Due to the search utilizing tstats, the query will return results incredibly fast over a very LONG period of time if desired.

Change the index to reflect yours, as well as the span to reflect a span you wish to see.

|tstats count as hits where index=* sourcetype="access_combined" by _time
| timechart span=1month sum(hits) as Views

Screenshot:

Here’s the same thing but using the built in Splunk predict command

|tstats count as hits where index=* sourcetype="access_combined" by _time
| timechart span=1month sum(hits) as Views
| predict Views

Screenshot:

Share This:

Leave A Comment?