This is the criteria I'm using:
index=bcoat_logs sc_filter_result!=DENIED cs_host!="-" | stats count(cs_host) by cs_host | sort -count(cs_host)
which lists all websites users are hitting, but this search takes forever to run.
I was hoping to limit the results to the top 100 websites with the highest hit counts in order to speed up the search.
I'm a bit of a newb and could use some help.