You may have seen how to find guilty IP addresses in my post Using Log Parser Studio to Find Guilty IP Addresses, but if you have enabled the logging of X-Forwarded-For IP addresses in IIS you may want to use this updated version, which gets the top offending IP addresses based on the X-Forwarded-For header:
SELECT
X-Forwarded-For,
count(X-Forwarded-For) as requestcount
FROM
'[LOGFILEPATH]'
WHERE
date = '2016-08-08'
GROUP BY
X-Forwarded-For
ORDER BY
count(X-Forwarded-For) DESCDon’t forget to change the date when you run this query.
Web Log Importer
If you are using Web Log Importer, you can get the same information using the following query:
SELECT
[X_Forwarded_For],
COUNT(1) AS RequestCount
FROM
LogEntry
WHERE
[date] = '2020-03-10'
GROUP BY
[X_Forwarded_For]
ORDER BY
COUNT(1) DESC