I have the command below in Linux:
grep "login?" access.log access.log.1 | grep https | cut -d, -f3 | sed 's/"wafip"://g' | sort -n | uniq -c | sort -nr | head -100
I need to find the equivalent Splunk command.
I know the index and host.
Can somebody please help me with this?
Hi
Can you tell what you want to get from the log, and give examples of the log and the output of your one-liner?
r. Ismo
Source and destination addresses, or whatever else there could be?
Can you give an example of your access.log (anonymised)?
r. Ismo
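An SPL equivalent of the shell pipeline in the question, added here as an example and not something posted in the thread. `<your_index>`, `<your_host>` and the `*access.log*` source pattern are placeholders, and it assumes each matching line is comma-separated with the `"wafip":value` pair as its third field, as the `cut`/`sed` steps imply:

```spl
index=<your_index> host=<your_host> source="*access.log*" login https
| regex _raw="login\?"
| regex _raw="https"
| rex field=_raw "^(?:[^,]*,){2}(?<third>[^,]*)"
| eval wafip=replace(third, "\"wafip\":", "")
| where isnotnull(wafip)
| top limit=100 wafip showperc=false
```

The bare terms on the first line only narrow the index scan; the two `regex` commands reproduce grep's literal substring matches (including the literal `?`), `rex` takes the third comma-separated field like `cut -d, -f3`, `replace` strips every `"wafip":` like the sed `g` flag, and `top limit=100` gives the same count-descending top 100 as `sort | uniq -c | sort -nr | head -100`.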