We needed this to understand the source of a large influx of requests for a given URI pattern.<\/p>\n
\r\nimport splunklib.client as client\r\nimport splunklib.results as results\r\n\r\nservice = client.connect(host=\"*******\",port=\"8089\",username=\"showard\",password=\"************\")\r\n\r\njob = \"\"\"\t\r\nsearch host=\\\"cmhlpecomweb*\\\" sourcetype=access_combined karlie-kloss | \r\n eval temp=split(_raw,\\\"\\t\\\") | \r\n eval tm=mvindex(temp,13) | \r\n rex field=tm \"(?\\d+\\.\\d+\\.\\d+)\" | \r\n stats count by ip | sort - count | head 50\r\n\"\"\"\r\n\r\nrr = results.ResultsReader(service.jobs.oneshot(job,**{\"earliest_time\":\"2017-04-04T11:00:00.000-04:00\",\"latest_time\":\"2017-04-04T18:00:00.000-04:00\",\"count\": 0}))\r\n\r\nfor result in rr:\r\n print result['ip'],result['count']\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":" We needed this to understand the source of a large influx of requests for a given URI pattern. import splunklib.client as client import splunklib.results as results service = client.connect(host=”*******”,port=”8089″,username=”showard”,password=”************”) job = “”” search host=\\”cmhlpecomweb*\\” sourcetype=access_combined karlie-kloss | eval temp=split(_raw,\\”\\t\\”) |…<\/p>\n