Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

chart over query string

chixor
New Member
‎10-27-2010 01:26 AM

Hi guys,

I have an apache log. I want to be able to chart the count of occurances of a particular query string in the uri_path.

eg.

/path/file?q1=v1&q2=v2&q3=v3
/path/file?q1=v3&q2=v1&q3=v2
/path/file?q1=v2&q2=v3&q3=v1

I want to get:

uri_path   count
q2=v1      63
q2=v2      26
q2=v3      82

I've worked out how to regex on the query string, but I can't work out how to chart count over specific q2 values of uri_path and ignore changes in q1 and q3.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎10-27-2010 01:58 AM

I'd assume that you already have the q2 field extracted automatically. You can verify that it is and search:

... | top q2

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎10-27-2010 01:58 AM

I'd assume that you already have the q2 field extracted automatically. You can verify that it is and search:

... | top q2
0 Karma
Reply
Solved! Jump to solution

chixor
New Member
‎10-27-2010 02:10 AM

oh, hahaha I was over thinking it. Thanks, Stephen.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...