sourcetype=access_* status=200 action=purchase
    [search sourcetype=access_* status=200 action=purchase
    | top limit=3 clientip
    | table clientip]
| stats COUNT AS "Total Purchased", dc(productId) as "Total Products", values(productName) as "Product Names" by clientip
| rename clientip AS "VIP Customers"
Splunk Example commands