Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Incorrect events total count

andrejus7
New Member
‎07-23-2010 04:25 PM

Hello,

Sorry, I am new to Splunk and having problems.

I have loaded IIS logs (total 21 files) to splunk and wanted to calculate how mane HTTP requests are in those logs. In summary page I can see that 82,000 "events" were found in all logs, and the same number is displayed on the search page. But I have checked all the logs files and counted my self that all files sum up 147,000 lines, one line represents 1 http request. How do I calculate it correctly in splunk?

Would be grateful for your help.

Tags (3)
0 Karma
Reply

Simeon
Splunk Employee
Splunk Employee
‎07-23-2010 08:58 PM

It sounds like Splunk did not separate each line into a single event, or we did not index everything. To see if Splunk created multi-line events, run the following search:

* | where linecount > 1

To find the number of HTTP requests, it would be better to create a field for the type of http request and count the number of "GET" requests.

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...