Hi @jdhavo, The stats command dc gives the distinct count as shown here : https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Stats If you want the list of unique IP addresses you can use the values stats command. And if you want you can have both : splunk_server=* index="mysiteindes" host=NXR4RIET313 SCRAPY | stats values(src_ip) as src_ip dc(src_ip) as distinctCountIP Note that values puts everything in the same block so you can use mvexpand command to split the results out into multiple lines. In either case make sure the src_ip field exists or you won't be able to run anything 🙂 Cheers, David ... View more

@jdhavo, Where is the problem now ? Are you not getting time_taken value? is that a field? ... View more