Splunk Search

Search with 3 fields and count

manwin
Path Finder

I'm trying to create a table which shows the following: -

Domain Client_IP Client_User Count

www.google.com 192.168.1.100 manwin 5

www.spurs-sg.org 192.168.1.101 User2 10

I can get a table showing me

Domain Client_IP Count

by doing the following search

sourcetype="bcoat_proxysg" |top limit=100 Domain by Client_IP

but I can't find a way to add in the user.

Tags (1)
0 Karma
1 Solution

ftk
Motivator

You can do

sourcetype="bcoat_proxysg" |top limit=100 Domain by Client_IP, Client_User

More info on top: http://www.splunk.com/base/Documentation/latest/SearchReference/Top

View solution in original post

ftk
Motivator

You can do

sourcetype="bcoat_proxysg" |top limit=100 Domain by Client_IP, Client_User

More info on top: http://www.splunk.com/base/Documentation/latest/SearchReference/Top

manwin
Path Finder

Thanks I've given it a tick. Thanks for your response.

0 Karma

ftk
Motivator

Feel free to accept usable answers -- helps close out the question and makes the site more usable for new users especially. Thanks!

manwin
Path Finder

Thanks, I just tested with my sample data and it worked.......
Interestingly when I was testing the exact same command at my customer's location it did not give me any results.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...