One of the data samples we loaded in Chapter 1, Play Time - Getting Data In, contained access logs from our web server. These have a Splunk source type of access_combined and detail all pages accessed by users of our web application. We are particularly interested in knowing which pages are being accessed the most, as this information provides great insight into how our e-commerce web application is being used. It could also help influence changes to our web application such that rarely visited pages are removed, or our application is redesigned to be more efficient.
In this recipe, we will write a Splunk search to find the most accessed web pages over a given period of time.