Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to group and visualize 2 versions of same host name

andreshuexes
New Member
‎01-29-2020 03:51 AM

Hi,

Currently, I'm trying to find a way to extract the URL from this search, basically, our store has 2 versions Global /en and China /zh and grouping together all the urls of the products with each version (EN and ZH), I would like to base on this query getting the Google hits to our Store split by version since the host_name is the same I cannot find a way to do it

With this expression uri_path=/store/xxx/* I'm able to get all the URLs but then I cannot find a way to group them into 2 categories EN and ZH

Can anyone give me some tips?

Thanks a lot in advance

index=xxx_com_app client_ip="64.233." OR client_ip="66.102." OR client_ip="66.249." OR client_ip="72.14." OR client_ip="74.125." OR client_ip="209.85." OR client_ip="216.239." AND (user_agent="Googlebot-Image/1.0" OR user_agent="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" OR user_agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Chrome/ Safari/537.36" OR user_agent="Googlebot/2.1 (+http://www.google.com/bot.html)" OR user_agent = "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/* Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" host_name="www.xxx.com") uri_path=/store/xxx/ | timechart span=1d count by uri_path limit=2

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-29-2020 06:00 AM

Hi @andreshuexes,
could you share two examples of your logs with /en and /zh ?
Them please, correct your answer using Code Sample button, because now it isn't possible to correctly read your search.

Ciao.
Giuseppe

0 Karma
Reply

andreshuexes
New Member
‎01-30-2020 02:59 AM

Hello Giuseppe,

Sure,

We have a store with all the products in both versions, ideally, we would like to get the Googlebot hits to each of the English and China URLs separated

Here you have an example of a URL, the only difference is the EN or ZH

https://www.xxx.com/store/yyy/en/p/product/?p=qwerty
https://www.xxx.com/store/yyy/zh/p/product/?p=qwerty

Thanks
Andres

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-30-2020 04:54 AM

Hi @andreshuexes,
you can use your search to extract results, and from these results extract the region.

index=xxx_com_app 
(client_ip="64.233." OR client_ip="66.102." OR client_ip="66.249." OR client_ip="72.14." OR client_ip="74.125." OR client_ip="209.85." OR client_ip="216.239." )
(user_agent="Googlebot-Image/1.0" OR user_agent="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" OR user_agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Chrome/ Safari/537.36" OR user_agent="Googlebot/2.1 (+http://www.google.com/bot.html)" OR user_agent = "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)") host_name="www.xxx.com") uri_path=/store/xxx/* 
| eval region=if(like(url,"%en%"),"Global","China")
| timechart span=1d count by region

If you can have more regions than Global and China, you can use case instead of if in the eval statement or a regex to extract the region.

Ciao.
Giuseppe

0 Karma
Reply

nickhills
Ultra Champion
‎01-29-2020 05:58 AM

Try this:

index=xxx_com_app client_ip="64.233." OR client_ip="66.102." OR client_ip="66.249." OR client_ip="72.14." OR client_ip="74.125." OR client_ip="209.85." OR client_ip="216.239." AND (user_agent="Googlebot-Image/1.0" OR user_agent="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" OR user_agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Chrome/ Safari/537.36" OR user_agent="Googlebot/2.1 (+http://www.google.com/bot.html)" OR user_agent = "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" host_name="www.xxx.com") uri_path=/store/xxx/* 
|rex field=uri_path "\/store\/(?P<region>[^\/]+)"
| timechart span=1d count by region
If my comment helps, please give it a thumbs up!
0 Karma
Reply

andreshuexes
New Member
‎01-30-2020 03:00 AM

Hey,

Thanks for the reply,

I cannot make it work

Thanks

0 Karma
Reply

nickhills
Ultra Champion
‎01-30-2020 03:05 AM

Did you modify the xxx in the above to suit your needs?

You probably want to set the uri to ”*store/*”and host_name to something sensible

If my comment helps, please give it a thumbs up!
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-29-2020 05:56 AM

Please share some sample data, both /en and /zh, if possible.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

andreshuexes
New Member
‎01-30-2020 02:59 AM

Hello,

Sure,

We have a store with all the products in both versions, ideally, we would like to get the Googlebot hits to each of the English and China URLs separated

Here you have an example of a URL, the only difference is the EN or ZH

https://www.xxx.com/store/yyy/en/p/product/?p=qwerty
https://www.xxx.com/store/yyy/zh/p/product/?p=qwerty

Thanks
Andres

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...