How to find traffic and number of hits per URL in Splunk?

Question

I have been using Splunk as a log monitoring tool but recently got to know that we will get network traffic and number of hits per URL.

For example, I have a URL like the one below and I want to know the total number of hits that occurred over the last week:

https://stackoverflow.com/

What would be the query that I need to write to get the number of hits (count) per day/period of time in Splunk?

I tried this:

"url" | stats sum(linecount) as Total

which is returning >1000 hits count for the last 15 minutes, which is not correct.

Thanks in advance.

Answer 1

Hi This below query is one of good example to get the site requests

index="bcom" "https://www.bloomingdales.com/" | stats sum(linecount) as Total

@Ravindra'S

Answer 2

It would be quick and accurate when you mention index, host and site names.

index name = environment of the application like SIT/UAT/QA/pre-prod/production

host name = In which instance application is hosted

site name = in my example it will be https://stackoverflow.com

Query = index="SIT*" host="*host_name*" "https://stackoverflow.com" "/questions" | stats sum(linecount) as Total

by executing above query I can get number of hits for stackoverflow.com/questions url.

The above query has given accurate results and in splunk we do have drop down option to select period of time.

Answer 3

Try one of these queries to return the total number of hits:

"url" | stats count

Or:

"url" | stats sum(count) as total