Find top IP in access log

awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -10

Source: https://www.tecmint.com/find-top-ip-address-accessing-apache-web-server/

Get top /20 for ipv6

THRESHOLD=10

# 1. Count uniques
sort acces.log | uniq -c > ips_count.txt

# 2. Create /20 blocks without strtonum()
awk -v t="$THRESHOLD" '{
    count = $1
    ip = $2
    split(ip, h, ":")
    h1 = h[1]
    # Bash-style hex AND: printf + substr
    cmd = "printf \"%x\" $((0x" h[2] " & 0xF0))"
    cmd | getline h2_prefix
    close(cmd)
    block = h1 ":" h2_prefix "::/20"
    blocks[block] += count
}
END {
    for (b in blocks)
        if (blocks[b] >= t)
            print blocks[b], b
}' ips_count.txt | sort -nr | head -50