Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get a Stats count of field values by country

Hildoceras
New Member
‎03-05-2014 02:16 AM

Hi

I am looking at access log data with the fields src_ip and method (get, post, head)

I have been running the search src_ip="*" | iplocation src_ip | stats count by country

this gives me an event count by country.

I would like to take this further and also get a count of total events by country and a split per country of get, post and head

any help appreciated

Tags (1)
0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
‎03-05-2014 02:32 AM

Hi Hildoceras,

something like this should get you there:

 ... | stats count(eval(method="POST")) AS post count(eval(method="GET")) AS get count(eval(method="HEAD")) AS head by country | addtotals

hope this helps ...

cheers, MuS

Reply

MuS
SplunkTrust
SplunkTrust
‎03-05-2014 03:30 AM

feel free to accept the answer, thanks 😉

0 Karma
Reply

Hildoceras
New Member
‎03-05-2014 02:46 AM

Worked like a charm many thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...