cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
mamoSplunk
Explorer
Member since: ‎05-15-2021
‎05-16-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎05-15-2021
Activity Feed
Topics I've Started
View All

Re: Complex query on IIS log

by in Splunk Search
‎05-16-2021 05:06 AM
‎05-16-2021 05:06 AM
@ITWhispererI am really impressed! Thank you very much. ... View more

Re: Complex query on IIS log

by in Splunk Search
‎05-15-2021 12:31 PM
‎05-15-2021 12:31 PM
Thank you very much ITWhisperer. It works! May I ask you if is it possible to limit the number of total_events by department to, let's say, the first ten? I would like to display the top 10 cs_uri_stem by for each department. ... View more

Complex query on IIS log

by in Splunk Search
‎05-15-2021 08:56 AM
‎05-15-2021 08:56 AM
Hi all, I would like extract from intranet weblog (IIS log) top pages grouped by departments to see which pages are most viewed by each department. I can use the cs_username field to identify the department and with the following query I can count the total activity by depertment:   sourcetype="iis" index=intranet | fields cs_username | rex field=cs_username "(?i)mydomain\\\(?<username>[^\s]*)" | stats count as events by username | table username events | lookup address.csv Email as username | fillnull value=- | stats sum(events) as total_events by department     Now I would like to extract the most viewed pages (cs_uri_stem) grouped by department. How can I do that? Thank you in advance! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎05-16-2021 04:37 PM
Karma given to
View All