Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Analyse Apache Other Vhosts Access Log

moonpixel
New Member
‎09-12-2013 09:34 PM

Hello, I am new to splunk, wondering if you could help me please, I am trying to analyse my vhosts access log.

the format is:

somedomain.com:80 123.123.123.123 - - [13/Sep/2013:02:15:21 +0000] "POST /wp-login.php HTTP/1.1" 200 1904 "some url here" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"

I was able to graph by the vhost (somedomain.com) value, and by the bytes separately
but I would like to see bytes per vhost, could you please advise how could I do this?
Thank you very much, sofar splunk looks very robust and exciting...

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rturk
Builder
‎09-12-2013 10:53 PM

Hi Moonpixel,

Welcome to Splunk! If I had to guess, something like this might work:

<base search> | stats sum(bytes) AS total_bytes by vhost

Let me know how you go 🙂

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

rturk
Builder
‎09-12-2013 10:53 PM

Hi Moonpixel,

Welcome to Splunk! If I had to guess, something like this might work:

<base search> | stats sum(bytes) AS total_bytes by vhost

Let me know how you go 🙂

0 Karma
Reply
Solved! Jump to solution

moonpixel
New Member
‎09-12-2013 11:15 PM

fantastic, thank you, this is exactly what I was looking for...

source="/.../other_vhosts_access.log" | stats sum(sc_bytes) AS total_bytes by s_sitename

0 Karma
Reply
Solved! Jump to solution

rturk
Builder
‎09-12-2013 10:41 PM

Hi Moonpixel - Can you share the search queries you used to generate your successful results? Knowing that will help get you an answer 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...