3678828 - How to identify unique client IPs hitting a specific URL using OpenSearch Dev Tools

There is a need to identify which client IP addresses are requesting a specific URL path and how many requests each IP generated within a given time window, using OpenSearch logs. The analysis must return unique IPs with request counts, work reliably regardless of field mapping (text vs keyword), and allow straightforward adjustments of URL, host, time range, index scope, and result size.

Common use cases:

• Validate suspicious traffic against a specific endpoint (e.g., login, checkout, form submission) and quantify requests per IP in a defined window.
• Identify IPs with excessive request rates to apply appropriate IP filter sets on the targeted endpoint.
• Correlate incident spikes (e.g., 5xx errors, timeouts) with top IPs hitting the affected path and host.
• Audit consumption of a new or changed endpoint by listing which IPs access it most frequently.
• Distinguish bot traffic vs. human traffic patterns by IP distribution for a given URL and virtual host.

SAP Commerce Cloud

SAP Commerce Cloud, OpenSearch Dashboards, OpenSearch query, OpenSearch, Dev Tools Console, Dev Tools, access logs, IP distribution, top IPs, unique IP addresses, unique IPs, IP, IPs, request counts, aggregation query, terms aggregation, suspicious traffic, endpoint monitoring, brute force, bot traffic, bot traffic detection, form abuse, URL path analysis, host filter, IP enumeration, rate analysis, count requests by IP, top IPs by URL, unique client IP aggregation, identify IPs hitting URL, log analysis query, filter logs by host and path, retrieve IP, request counts, request count, excessive request rates, IP filter sets , KBA , CEC-SCC-CLA-ENV-LOM , Logging and Monitoring , How To