I wanted to make this post for myself, since I always forget and need to google this. Basically, I wanted to see who the heavy traffic IPs were to a certain website on the server. I have access_logs broken out per vhosts, so typically I tail or grep these logs for a variety of reasons. Now, I want to see distinct IPs, and the number of entries, sorted with the most to the least. This is how you do it.

sed -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' -e t -e d access_log | sort | uniq -c | sort -r | less