LoginSignup
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

@toshikawa(川俣 利久)

tstatsを使う

Posted at

Splunk > Clara-fication: Search Best Practicesをみたら、ちょっとびっくりしたので。

tstats.spl
|tstats count  where sourcetype=access_combined_wcookie by PREFIX(action)

ver8以上限定で、tutorial.zipが入っているとこれが動くはず。

tstats@Splunk>docsを読むと詳細な説明が載っています。

_rawの文字列からフィールド抽出されている値で集計できるとなると、相当使える。

:sweat_smile: ver8以上だけど。

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?