Archive

xferlog query to get top sites

New Member

Good Afternoon,

I have indexed my xferlogs from my FTP server and I would like to run a query of the top sites accessing our FTP server. How would I generate such a query on the xferlogs?

Thank You,

Gregg.

Tags (1)
0 Karma

Splunk Employee
Splunk Employee

i am assuming here that these sites/ip's either are extracted as a field or can be extracted as a field? if so, then you should be able to sort by the field, or even better,

<your search> | top limit=30<or any other integer> ip/site/<field you have extracted>
0 Karma