
detect repeating values over time

Path Finder

Hi - I want to detect IPs which continually appear in the logs over a 24-hour period.
They must appear at least once every hour over the 24 hours to be included in the results.

Thanks

1 Solution

Ultra Champion

Assuming that you have the IP address in a field called ip, this is one of the ways to achieve this.

sourcetype=blah earliest=-1d | stats dc(date_hour) as hrs by ip | search hrs=24

Hope this helps,

Kristian

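The search above relies on dc(date_hour): over a window of exactly one day, an IP that has been seen in all 24 distinct hour-of-day values has necessarily been seen in every hour. The following is an added example, not part of the original thread, that applies the same logic outside Splunk to a handful of constructed log lines so the behaviour of the accepted answer can be checked offline. It assumes a line format of "<ISO-8601 timestamp> <ip> <message>" and normalises every timestamp to UTC before taking the hour, since Splunk's date_hour is taken from the hour written in the event's own timestamp and mixed-timezone sources would otherwise land in different buckets.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Equivalent of the accepted SPL:
#   sourcetype=blah earliest=-1d | stats dc(date_hour) as hrs by ip | search hrs=24
# Hypothetical line format assumed here: "<ISO-8601 timestamp> <ip> <message>".
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) ")


def parse_line(line):
    """Return (timestamp, ip) for a well-formed line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group("ts"))
    except ValueError:
        return None
    return ts, m.group("ip")


def hours_seen_per_ip(lines, now):
    """Count distinct hour-of-day values per IP within the 24h ending at `now`.

    Mirrors `stats dc(date_hour) by ip` over `earliest=-1d`: the window is
    exactly one day, so each hour-of-day bucket corresponds to one real hour
    (the partial hour at each end of the window shares one bucket).
    """
    earliest = now - timedelta(hours=24)
    hours_by_ip = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the expected format
        ts, ip = parsed
        if not (earliest <= ts <= now):
            continue  # outside the search window, like earliest=-1d
        # Normalise to UTC so the same wall-clock hour means the same bucket
        # regardless of the timezone written into each event.
        hours_by_ip[ip].add(ts.astimezone(timezone.utc).hour)
    return {ip: len(hrs) for ip, hrs in hours_by_ip.items()}


def persistent_ips(lines, now):
    """IPs seen in every one of the 24 hours, i.e. `search hrs=24`."""
    counts = hours_seen_per_ip(lines, now)
    return sorted(ip for ip, hrs in counts.items() if hrs == 24)


def make_sample_lines(now):
    """Constructed sample log lines covering the 24 hours before `now`."""
    start = now - timedelta(hours=24)
    lines = []
    # 10.0.0.1: every 30 minutes for the whole window -> present in all 24 hours
    t = start + timedelta(minutes=5)
    while t < now:
        lines.append(f"{t.isoformat()} 10.0.0.1 GET /ping")
        t += timedelta(minutes=30)
    # 10.0.0.2: hourly, but one hour is missing -> only 23 distinct hours
    for h in range(24):
        if h == 5:
            continue
        t = start + timedelta(hours=h, minutes=10)
        lines.append(f"{t.isoformat()} 10.0.0.2 GET /login")
    # 10.0.0.3: sporadic, nine hours in a row
    for h in range(9, 18):
        t = start + timedelta(hours=h, minutes=20)
        lines.append(f"{t.isoformat()} 10.0.0.3 GET /status")
    # 10.0.0.4: only seen before the window opened -> excluded entirely
    old = start - timedelta(hours=2)
    lines.append(f"{old.isoformat()} 10.0.0.4 GET /old")
    # A malformed line that the parser must tolerate
    lines.append("this line has no timestamp or ip")
    return lines


if __name__ == "__main__":
    now = datetime(2024, 5, 2, 14, 23, tzinfo=timezone.utc)
    sample = make_sample_lines(now)
    print(hours_seen_per_ip(sample, now))
    print(persistent_ips(sample, now))
```

Note that the hour-of-day trick only works because the window is exactly one day; widening the search to several days would let an IP reach 24 distinct date_hour values while being absent for entire hours in between.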

Path Finder

Thanks - works perfectly.


Splunk Employee

Mark it as correctly answered!
