Hello, I am new to Splunk and wondering if you could help me, please. I am trying to analyse my vhosts access log.
The format is:
somedomain.com:80 123.123.123.123 - - [13/Sep/2013:02:15:21 +0000] "POST /wp-login.php HTTP/1.1" 200 1904 "some url here" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
I was able to graph by the vhost (somedomain.com) value, and by the bytes separately,
but I would like to see bytes per vhost. Could you please advise how I could do this?
Thank you very much, so far Splunk looks very robust and exciting...
Hi Moonpixel,
Welcome to Splunk! If I had to guess, something like this might work:
<base search> | stats sum(bytes) AS total_bytes by vhost
Let me know how you go 🙂
Fantastic, thank you, this is exactly what I was looking for...
source="/.../other_vhosts_access.log" | stats sum(sc_bytes) AS total_bytes by s_sitename
Hi Moonpixel - Can you share the search queries you used to generate your successful results? Knowing that will help get you an answer 🙂
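An added example, not part of the original thread: a Python parser for the log layout shown in the question that computes the same per-vhost byte totals as the `stats sum(...) by ...` search, useful for cross-checking what Splunk reports against the raw file. The regex, the field names, and the sample lines (documentation hostnames and IP ranges) are constructed here and are assumptions; a `-` in the size field is counted as 0 bytes.

```python
import re
from collections import defaultdict

# Layout taken from the sample line in the question:
# vhost:port client ident user [time] "request" status bytes "referer" "user-agent"
# Quoted fields may contain backslash-escaped quotes, so they are matched
# with (?:[^"\\]|\\.)* rather than a plain [^"]*.
LINE_RE = re.compile(
    r'^(?P<vhost>[^:\s]+):(?P<port>\d+) '
    r'(?P<client>\S+) \S+ \S+ '
    r'\[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" '
    r'"(?P<agent>(?:[^"\\]|\\.)*)"\s*$'
)

def bytes_per_vhost(lines):
    """Return ({vhost: total_bytes}, number_of_lines_that_did_not_parse)."""
    totals = defaultdict(int)
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1          # count malformed lines instead of hiding them
            continue
        size = m.group("bytes")
        totals[m.group("vhost")] += 0 if size == "-" else int(size)
    return dict(totals), skipped

# Constructed sample input (not real traffic).
SAMPLE = [
    'site-a.example:80 192.0.2.10 - - [13/Sep/2013:02:15:21 +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 1904 "-" "Mozilla/5.0 (Windows NT 6.1)"',
    'site-a.example:80 192.0.2.11 - - [13/Sep/2013:02:15:22 +0000] '
    '"GET / HTTP/1.1" 200 5120 "-" "curl/7.30.0"',
    'site-b.example:443 198.51.100.7 - - [13/Sep/2013:02:15:23 +0000] '
    '"GET /img/logo.png HTTP/1.1" 304 - "http://site-b.example/" "Mozilla/5.0"',
    'site-b.example:443 198.51.100.7 - - [13/Sep/2013:02:15:24 +0000] '
    '"GET /q?x=\\"a\\" HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    'truncated line without enough fields',
]

if __name__ == "__main__":
    totals, skipped = bytes_per_vhost(SAMPLE)
    for vhost, total in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"{vhost}\t{total}")
    print(f"unparsed lines: {skipped}")
```

A non-zero unparsed count means the totals will differ from a search whose field extraction handled those lines differently.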