Hi,
Sorry for poor english, it's very late.
I have problem with grouping numbers of occurrence of events by IP. Let's say i have 6 requesting IP. IP #1, #2, #3 are from client A, #4, #5 are from client B, #6 is from client C.
I am trying to sum numbers of those occurrences by client, so i can watch theirs activity. Next (since client A, B and C create one group, say VIP) i want to get out highest number and bring it in front of group gauge. Then i will see, who is requesting most, and if he is not requesting too much.
Problem with sum is that my sum don't treat ip as field, but as numbers.
I've stuck at counting occurrence:
index=X stats
(OSN IP="62.60.9.195" OR IP="62.60.25.19" OR IP="62.60.9.99" OR IP="62.60.9.65")
OR
(/ws/2v1 "/Common/pool-ws" OPtime>10 IP="162.13.184.200" OR IP="95.138.163.164" OR IP="159.148.10.188" OR IP="134.213.177.224" OR IP="134.213.177.99")
OR
(/ws/2v1 "/Common/pool-ws" OPtime>10 IP="195.140.191.18" OR IP="195.140.191.22")
OR
(OSN IP="195.138.208.114")
|stats count by IP
Thanks,
- F.
↧