Getting Data In

Analyse Apache Other Vhosts Access Log

moonpixel
New Member

Hello, I am new to splunk, wondering if you could help me please, I am trying to analyse my vhosts access log.

the format is:

somedomain.com:80 123.123.123.123 - - [13/Sep/2013:02:15:21 +0000] "POST /wp-login.php HTTP/1.1" 200 1904 "some url here" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"

I was able to graph by the vhost (somedomain.com) value, and by the bytes separately
but I would like to see bytes per vhost, could you please advise how could I do this?
Thank you very much, sofar splunk looks very robust and exciting...

0 Karma
1 Solution

rturk
Builder

Hi Moonpixel,

Welcome to Splunk! If I had to guess, something like this might work:

<base search> | stats sum(bytes) AS total_bytes by vhost

Let me know how you go 🙂

View solution in original post

0 Karma

rturk
Builder

Hi Moonpixel,

Welcome to Splunk! If I had to guess, something like this might work:

<base search> | stats sum(bytes) AS total_bytes by vhost

Let me know how you go 🙂

0 Karma

moonpixel
New Member

fantastic, thank you, this is exactly what I was looking for...

source="/.../other_vhosts_access.log" | stats sum(sc_bytes) AS total_bytes by s_sitename

0 Karma

rturk
Builder

Hi Moonpixel - Can you share the search queries you used to generate your successful results? Knowing that will help get you an answer 🙂

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...