
xferlog query to get top sites

New Member

Good Afternoon,

I have indexed my xferlogs from my FTP server and I would like to run a query of the top sites accessing our FTP server. How would I generate such a query on the xferlogs?

Thank You,

Gregg.

0 Karma

Splunk Employee

I am assuming here that these sites/IPs either are extracted as a field or can be extracted as a field? If so, then you should be able to sort by the field, or even better,

<your search> | top limit=30<or any other integer> ip/site/<field you have extracted>
0 Karma
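
An added example, not part of the original answer: if the client host is not yet a field, `rex` can extract it from the raw xferlog event before `top` counts it. It assumes the standard xferlog layout (a five-token timestamp, the transfer time, then the remote host and the file size); `remote_host` and `file_size` are field names chosen here, and `<your search>` stands for whatever search returns your xferlog events.

```spl
<your search>
| rex field=_raw "^(?:\S+\s+){5}\d+\s+(?<remote_host>\S+)\s+(?<file_size>\d+)\s"
| top limit=30 remote_host
```

Both fields sit before the filename in each line, so filenames containing spaces do not disturb the extraction. Replacing the last line with `| stats count AS transfers sum(file_size) AS total_bytes BY remote_host | sort - transfers | head 30` ranks the same hosts and also shows the volume each one moved.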