Using Log Parser Studio To Find Guilty IP Addresses From X-Forwarded-For

You may have seen how to find guilty IP addresses in my post Using Log Parser Studio to Find Guilty IP Addresses, but if you have enabled the logging of X-Forwarded-For IP addresses in IIS you may want to use this updated version, which gets the top offending IP addresses based on the X-Forwarded-For header:

    count(X-Forwarded-For) as requestcount
WHERE date = '2016-08-08' 
GROUP BY X-Forwarded-For order by count(X-Forwarded-For) DESC

Don’t forget to change the date when you run this query.