Quick First Query
This section is designed for users who have just downloaded SpectX and wish to run their first queries. There are two options for quickly pointing SpectX at some data:
With SpectX sample data
Input Data and navigate to
Run. The first 1000 records are displayed in the results pane.
- To count the top 5 IPs making requests, replace the last row of the query (| limit 1000) with the following and click
| select(clientIp, cnt:count(*))
| group(clientIp)
| sort(cnt DESC)
To see these IPs on a map, you first need to configure the download of the MaxMind GeoIP databases. You can then calculate the geolocations of the IPs by running this query after the LIST and PARSE commands:
| select(country:CC(clientIp), as_name:ASNAME(clientIp), location:GEO(clientIp))
After executing this query, the Map button appears in the top menu. Click it to get a visualisation.
Run this command to calculate the top countries that the requests are coming from:
| select(country:CC(clientIp), volume:count(*))
| group(country)
| sort(volume DESC)
| limit(100)
Click on ‘Chart’ to visualise the results.
Use a shortcut to create this query in seconds. After |, type ‘top’ and press CTRL+SPACE. Replace the <field> with the required field name.
With your own data in local storage
Input Data, choose <filesystem> from the Data Store list and navigate to the desired file.