I have indexed my xferlogs from my FTP server and I would like to run a query of the top sites accessing our FTP server. How would I generate such a query on the xferlogs?
i am assuming here that these sites/ip's either are extracted as a field or can be extracted as a field?
if so, then you should be able to sort by the field, or even better,
<your search> | top limit=30<or any other integer> ip/site/<field you have extracted>