Solved: How to edit my search to count the number of reque...

yarafatin2 · ‎03-20-2017

I need to get the count of requests per IP per 30 minutes.
The stats column headers should be clientip and all the 30 minute intervals - 2017-03-17 02:30:00, 2017-03-17 03:00:00, 2017-03-17 03:30:00.
The count for each of those 30 minutes interval should appear for each of the IP addresses.

I tried - host="test" sourcetype=access_log4 | bucket _time span=30m | stats count by clientip, _time
This groups the clientip and _time as unique columns. I want clientip as the only unique column and the minutes to appear dynamically as column headers.

woodcock · ‎03-20-2017

Like this:

 host="test" sourcetype=access_log4 | bucket _time span=30m | chart count by clientip _time

View solution in original post

woodcock · ‎03-20-2017

Like this:

 host="test" sourcetype=access_log4 | bucket _time span=30m | chart count by clientip _time

How to edit my search to count the number of requests per IP per 30 minutes?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

How to edit my search to count the number of requests per IP per 30 minutes?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?