Listed below are all the required SPL queries:
Case-1 : Total Number of Hits:
==============
index=ds | stats count by clientip | stats sum(count) as Total_Number_of_Hits
==============
Note: Be sure to replace the index name ds with your own created index or the default, main.
Explanation: The number of hits can be calculated from the number of individual hits on the server by each client.
Case-2 : Top 20 category and Domain :
==============
index=ds | top 20 categoryId showperc=f showcount=t | table categoryId | join [search index=ds | top 20 referer_domain showperc=f showcount=t | table referer_domain]
==============
Explanation: Separately find the domain and the category, and then use join to get a single result with a combination of both.
Note: Find suitable fields to get the desired result, like domain and categoryId here.
Case-3 : status code count :
==============
index=ds status=* | stats count as "Status code count"
==============
Explanation: Gives the count of all the status codes, like status 401-failure, status 200-success ..
In addition, I have attached a dashboard snapshot with all these cases' data as separate panels embedded in a single dashboard.
Happy Splunking : >