Hi
I am looking at access log data with the fields src_ip and method (get, post, head)
I have been running the search src_ip="*" | iplocation src_ip | stats count by country
this gives me an event count by country.
I would like to take this further and also get a count of total events by country and a split per country of get, post and head
any help appreciated
Hi Hildoceras,
something like this should get you there:
... | stats count(eval(method="POST")) AS post count(eval(method="GET")) AS get count(eval(method="HEAD")) AS head by country | addtotals
hope this helps ...
cheers, MuS
feel free to accept the answer, thanks 😉
Worked like a charm many thanks