For a simple query -
index=app_au ms.ab=true
I have a raw output of -
{"dtm":"2017-09-27 10:44:42.389 PDT", "logger":"audit.com.foo.store.RequestAuditLog", "app":{"p":8523,"a":"WebNav","e":"prod.live.txn","h":"rn2-rosp-pr02-lweb04.fno.foo.com","dc":"fno"}, "msg":{"ab":true,"forwApp":"entry","resTime":12,"dx":1,"mc":{"s":"consumer","gp":"ww.emea.de","gc":"DEU"},"reqHost":"secure.foo.com","resStatus":"503","forwUrl":"urls-entry.loginJSON","d":"0ef7e2b2-f0f2-4a3e-9098-6812d9546b1b","ip":"92.211.19.113","reqPat":"///login/sign_in","reqApp":"entry","r":"c461b663-7102-4431-a0fc-fff7c472b748","t":1506534282377,"sampleWeight":1.0,"reqUrl":"urls-entry.loginJSON"}}
I need to extract the ip field and get a list of IP with counts.
Please help.
thanks,
Vik
↧