Very new to Splunk here. I would like to group each HTTP request based on its directory, produce a count for each, and plot it in a pie chart.

GET /vendor, GET /Services, GET /config, GET /About

For example, GET /vendor/vendor/auth/signin and GET /vendor/vendor/browse should be classified under /vendor in a table.

My current query is wrong and doesn't show anything. I modified it based on a GIAC paper.

index="apache_logs"
| stats count by request
| eval request=case( request="GET /config*", "/config", request="GET /vendor*", "/vendor", request="GET /Services*", "/Services", request="GET /About*", "/About") request="GET /about*", "/about")
| top request limit=0 useother=f
| eval request=request." (".count." events, ".round(percent,2)."%)"

I would also like to differentiate requests to /about and /About.

I hope this made sense.
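One way to do the grouping described above, as an added example that is not part of the original post. It assumes the `request` field holds the method followed by the path (as in the query above); `top_dir` is a field name introduced here. `rex` matches case-sensitively, so /about and /About are counted separately, and `top` runs on the raw events rather than on `stats` output so that `count` and `percent` reflect events.

```spl
index="apache_logs"
| rex field=request "^GET\s+(?<top_dir>/[^/?\s]*)"
| top limit=0 useother=f top_dir
| eval top_dir=top_dir." (".count." events, ".round(percent,2)."%)"
| fields top_dir count
```

In the original query, `case()` with `=` compares literal strings, so the `*` is not treated as a wildcard and no branch matches.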