Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Counting total unique urls grouped by a particular parameter

kbcuait
Explorer
‎05-17-2013 11:16 AM

Hi, looking at website log file

Would like to see how many unique instances of a certain parameter there are

The part of the log looks like this: "GET /filname.php?userid=114139&anotherparameter HTTP/1.1"

Do I need to use a regular expression to try and match the userid field? If so, how would I incorporate that into the search?

Thanks 🙂

Tags (4)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎05-17-2013 02:38 PM

I'm not exactly sure what your desired end result is, but it sounds a lot like a job for stats. That would look something like this:

sourcetype="log_file" filename.php | stats dc(uri) as unique_uris by userid

This will compute a distinct count of uris per userid.

Reply

kbcuait
Explorer
‎05-17-2013 02:42 PM

Thanks I'll give this a try 🙂

0 Karma
Reply

kbcuait
Explorer
‎05-17-2013 11:31 AM

Ok I've begun my own question to an extent

I ended up clicking on the uri field in the left column, then under Charts, "Top values overall" which generated a search like this:

sourcetype="log_file" filename.php | top limit=10000 uri

I can now count, avg, etc. 🙂

If anyone has a better answer I would welcome it

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...

Starting With Observability: OpenTelemetry Best Practices

Tech Talk Starting With Observability: OpenTelemetry Best Practices Tuesday, October 17, 2023   |  11AM PST / ...