Counting total unique urls grouped by a particular...

kbcuait · ‎05-17-2013

Hi, looking at website log file

Would like to see how many unique instances of a certain parameter there are

The part of the log looks like this: "GET /filname.php?userid=114139&anotherparameter HTTP/1.1"

Do I need to use a regular expression to try and match the userid field? If so, how would I incorporate that into the search?

Thanks 🙂

martin_mueller · ‎05-17-2013

I'm not exactly sure what your desired end result is, but it sounds a lot like a job for stats. That would look something like this:

sourcetype="log_file" filename.php | stats dc(uri) as unique_uris by userid

This will compute a distinct count of uris per userid.

kbcuait · ‎05-17-2013

Thanks I'll give this a try 🙂

kbcuait · ‎05-17-2013

Ok I've begun my own question to an extent

I ended up clicking on the uri field in the left column, then under Charts, "Top values overall" which generated a search like this:

sourcetype="log_file" filename.php | top limit=10000 uri

I can now count, avg, etc. 🙂

If anyone has a better answer I would welcome it

Counting total unique urls grouped by a particular parameter