Hello,
Sorry, I am new to Splunk and having problems.
I have loaded IIS logs (total 21 files) into Splunk and wanted to calculate how many HTTP requests are in those logs. On the summary page I can see that 82,000 "events" were found in all logs, and the same number is displayed on the search page. But I have checked all the log files and counted myself that all files sum up to 147,000 lines; one line represents 1 HTTP request. How do I calculate it correctly in Splunk?
Would be grateful for your help.
It sounds like Splunk did not separate each line into a single event, or we did not index everything. To see if Splunk created multi-line events, run the following search:
* | where linecount > 1
To find the number of HTTP requests, it would be better to create a field for the type of HTTP request and count the number of "GET" requests.