Quick First Query

This section is designed for users who have just downloaded SpectX and wish to run their first queries. There are two options for quickly pointing SpectX at some data:

With SpectX sample data

  1. Click Input Data and navigate to s3s://spectx-docs/formats/log/apache/apache_access.log.sx.gz
  2. Click prepare query then Run. The first 1000 records are displayed in the results pane.
  3. To count the top 5 IPs making requests, replace the last row of the query (| limit 1000) with the following and click Run.
| select(clientIp, cnt:count(*))
| group(clientIp)
| sort(cnt DESC)

To see these IPs on a map, you first need to configure the download of the MaxMind GeoIP databases. You can then calculate the geolocations of the IPs by running this query after the LIST and PARSE commands:

| select(country:CC(clientIp), as_name:ASNAME(clientIp), location:GEO(clientIp))

After executing this query, the Map button appears in the top menu. Click it to get a visualisation.

Run this query to calculate the top countries that the requests are coming from:

| select(country:CC(clientIp), volume:count(*))
| group(country)
| sort(volume DESC)
| limit(100)

Note

Click on ‘Chart’ to visualise the results.

Hint

Use a shortcut to create this query in seconds. After |, type ‘top’ and press CTRL+SPACE. Replace <field> with the required field name.

With your own data in local storage

Click Input Data, choose <filesystem> from the Data Store list and navigate to the desired file.