Use the stats command to count this VIP customer's purchases:

```
sourcetype=access_* status=200 action=purchase clientip=87.194.216.51 | stats count, distinct_count(productId), values(productId) by clientip
```

This search uses several statistical functions with the stats command. The count() function gives the total number of purchases the VIP shopper made. The distinct_count() function, which has the alias dc(), counts the number of different (unique) products the shopper purchased. The values() function returns a multivalue field listing the distinct product IDs. The drawback of this approach is that we have to run two searches each time we want to build this table, and the top buyer is unlikely to be the same person in every time range.

Example 2: Search with a subsearch in Splunk

Start again with the first requirement: identify the most frequent single shopper on the Buttercup Games online store. Copy and paste the search below into the search bar and run it:

```
sourcetype=access_* status=200 action=purchase | top limit=1 clientip | table clientip
```

This search returns the clientip of the most frequent shopper, clientip=87.194.216.51. It is nearly identical to the search in step 1 of Example 1; the difference is the last piped command, table clientip, which displays the clientip in a row. The count and percent fields produced by the top command are discarded from the output: because we specified only the clientip field with the table command, that is the only field returned.
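The two searches above can be combined into one by placing the first inside square brackets as a subsearch. The query below is an added example, not part of the original post; it uses standard Splunk subsearch syntax and assumes the same tutorial data (sourcetype access_* with the clientip and productId fields):

```spl
sourcetype=access_* status=200 action=purchase
    [search sourcetype=access_* status=200 action=purchase
        | top limit=1 clientip
        | table clientip]
    | stats count, dc(productId), values(productId) by clientip
```

The subsearch in square brackets runs first, and every field it returns is ANDed into the outer search as a field=value condition. With the tutorial data the outer search therefore behaves like `sourcetype=access_* status=200 action=purchase clientip=87.194.216.51 | stats ...`, but the clientip is recomputed for whatever time range is selected, which removes the drawback of the two-step method. This is also why `table clientip` is essential: if count and percent were left in the subsearch output they would become `count=... percent=...` conditions that no raw access event matches, and the outer search would return nothing. Two limits to keep in mind when reusing this pattern for detection work (for example, finding the noisiest source address and then enumerating what it touched): by default a subsearch is stopped after 60 seconds and returns at most 10,000 results (the maxtime and maxout settings under [subsearch] in limits.conf), so over a large time range it can silently feed a truncated list to the outer search; check the search job's messages for a subsearch warning before trusting the result.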