Solved: How to generate a search to find uncategorized URL...

pradeep577 · ‎01-05-2017

Hi,

I'm new to Splunk area.

We have integrated Splunk with ironports. I need to search number of history to a particular website category for one hour. how do i go about it?

Thank you in advance

pradeep577 · ‎01-05-2017

I tried like this x_webcat_code_full="Uncategorized URLs"

i did get results.

View solution in original post

pradeep577 · ‎01-05-2017

I tried like this x_webcat_code_full="Uncategorized URLs"

i did get results.

hunters_splunk · ‎01-05-2017

Hi pradeep577,

If you want hour as timescale, use the bin option.

... | bin _time span=1h | stats ...

I don't know your exact data structure, but assuming the site field captures which websites were accessed, you can use the search below to how hourly access counts to a specific website, or create a chart access counts by sites on an hourly basis:

souretype="cisco:esa:http" | bin
_time span=1h | stats count(eval(site=yourwebsite)) by
_time

souretype="cisco:esa:http" | bin _time span=1h | chart count over _time by site

Hope this helps. Thanks!
Hunter

How to generate a search to find uncategorized URLS in IronPort?

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability