Hello,
Given the following access logs generated by the same page:
Input:
http://mydomain1.com/q?L=5000 [ Referer header: http://mydomain2.com/some-page2.html ]
http://mydomain1.com/q?L=6000 [ Referer header: http://mydomain5.com/some-page5.html ]
http://mydomain1.com/q?L=5500 [ Referer header: http://mydomain2.com/some-page2.html ]
Requirement:
I am trying find average values of L (greater than 1000 and less than 60001) by top 5 referers.
Attempted solutions:
I thought about subsearch, but get it to work as expected:
index=myindex sourcetype="mysource" L>1000 L<60001 | top 5 referer | timechart avg(L) span=5m by referer
Would I have to find the top 5 referers in a query, and then use the results of referers from that query as a pivot for another query?! :) I wouldn't know how to get started with that one in Splunk.. I was trying to follow this guide http://www.innovato.com/splunk/SQLSplunk.html but no luck :-/
Any help is appreciated :)
Thank you.
-Gokce