Management Center and Reporting


Splunk to identify all the "url.domain" conditions that has not had coverage for a long time?

  • 1.  Splunk to identify all the "url.domain" conditions that has not had coverage for a long time?

    Posted Aug 28, 2019 09:13 PM

    Hi;

    I would like to send access logs from a Proxy SG device to a Splunk server, then do a search against a list of specific URLs to see the number of hits against each of these URLs.

    A. Can this be done in Splunk as a search?

    B. Does anyone know what the Splunk search syntax can be?

     

    Kindly

    Wasfi



  • 2.  RE: Splunk to identify all the "url.domain" conditions that has not had coverage for a long time?

    Posted Dec 13, 2019 01:37 PM

    Not sure of your index or sourcetype or field extractions.  If the field was url.domain you could do url.domain=*yahoo.com | stats count by url.domain | sort -count
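
An added example, not part of the original thread: it extends the single-domain search above to a whole list and also shows the entries with zero hits, which a plain `stats count` never returns. The index name `proxy`, the 90-day window, and the lookup file `watched_domains.csv` (one column named `domain`, exact domain values) are assumptions; the field name `url.domain` is taken from the reply above.

```spl
index=proxy earliest=-90d
    [| inputlookup watched_domains.csv
     | fields domain
     | rename domain AS "url.domain"]
| eval domain=lower('url.domain')
| stats count AS hits max(_time) AS last_seen BY domain
| append
    [| inputlookup watched_domains.csv
     | eval domain=lower(domain), hits=0
     | fields domain hits]
| stats sum(hits) AS hits max(last_seen) AS last_seen BY domain
| eval last_seen=if(isnull(last_seen), "never", strftime(last_seen, "%Y-%m-%d %H:%M:%S"))
| sort 0 hits
```

The subsearch restricts events to the listed domains, and the `append` adds every listed domain with a count of 0 so that domains with no matching events still appear, sorted to the top with `last_seen` set to "never".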