Splunk Search

Help on weblog parsing

pbenner
Explorer

I need to aggregate the values found in the apache weblogs. First I need to parse out several fields. I can get these fileds parsed out. But now I need to aggregate the counts of these fields. For example, the number of elements requested per client over a selected time range. So I need to count all the elements for each client and display them in a graph. And also show in descending order the clients that requested an element. Is this doable? If so what components do I use?

0 Karma
1 Solution

Lowell
Super Champion

Yes. This is very doable.

I would recommend checking out the following search commands to get started:

  • stats
  • chart
  • timechart

If you are pretty new to splunk. Check out How search commands work and go from there. There is also a basic search tutorial that is very helpful in walking though basic commands too.

View solution in original post

Lowell
Super Champion

Yes. This is very doable.

I would recommend checking out the following search commands to get started:

  • stats
  • chart
  • timechart

If you are pretty new to splunk. Check out How search commands work and go from there. There is also a basic search tutorial that is very helpful in walking though basic commands too.

Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...