Solved: Help on weblog parsing

pbenner · ‎06-01-2010

I need to aggregate the values found in the apache weblogs. First I need to parse out several fields. I can get these fileds parsed out. But now I need to aggregate the counts of these fields. For example, the number of elements requested per client over a selected time range. So I need to count all the elements for each client and display them in a graph. And also show in descending order the clients that requested an element. Is this doable? If so what components do I use?

Lowell · ‎06-01-2010

Yes. This is very doable.

I would recommend checking out the following search commands to get started:

stats
chart
timechart

If you are pretty new to splunk. Check out How search commands work and go from there. There is also a basic search tutorial that is very helpful in walking though basic commands too.

View solution in original post

Lowell · ‎06-01-2010

Yes. This is very doable.

I would recommend checking out the following search commands to get started:

stats
chart
timechart

If you are pretty new to splunk. Check out How search commands work and go from there. There is also a basic search tutorial that is very helpful in walking though basic commands too.

Help on weblog parsing

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 2)

Index This | I am a number but I am countless. What am I?

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience