Visualization of IPs based on hit amount

steven.walsh · January 14, 2019, 11:43am

Hello all,

We're currently experiencing an issue on the sites we manage were web-scrapers are coming in and increasing our traffic. We have software for this but they are circumventing this by hitting the site once or twice and then changing IPS, so the third party software we use can't identify them in time. There's work there to resolve that but that's another topic.

I want to create a visualization to display the number of IP addresses with a certain amount of hits, say less than 5, between 5-15 etc. but I just can't get it displaying correctly. Having hits less than 5 is unusual for our sites so we'd like to build on this data and maybe create a watcher or some such for future notification.

We're using apache logs for this and we have what I think is standard enough. If more specific information on our solution is required let me know. Thanks in advance

jen-huang · January 15, 2019, 2:05am

Could you provide some example logs of your hits?

steven.walsh · January 17, 2019, 10:45am

Hi Jen, sorry on the delay. Example below of the field data for each log event, hope that's enough to go on

So I know in my head what to do; add the number of hits for each individual geoip.ip field, if total less than 5 add that to one section of visualization, if total between 5-15 add to another and so on. Still just can't get that out on to the screen

system · February 14, 2019, 10:45am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.