Solved: Re: Viewing URLs by IP over time

prodport · ‎04-15-2010

In the Splunk 4.1 webcast earlier this week, one of the presenters showed a combined_access report that looked to produce a report of the user's IP address and then indented the URLs they viewed sorted by time. There may have been more columns.

I looked to see if their was a recording or similar question here, but didn't see anything. Does anyone know how he did that as it looked useful was seeing how people migrate through your site.

gkanapathy · ‎04-15-2010

I didn't see the webcast, but I guess I would do it with something like:

sourcetype=access_combined | stats list(uri) by clientip

View solution in original post

Simeon · ‎04-26-2010

This could be the search:

sourcetype="access_combined" | chart count by clientip,uri

gkanapathy · ‎04-15-2010

I didn't see the webcast, but I guess I would do it with something like:

sourcetype=access_combined | stats list(uri) by clientip

Viewing URLs by IP over time

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation