How to calculate the number of requests occurring ...

nramya82 · ‎10-02-2014

I am really new to splunk and can some one please help me I need to calculate number of request hitting our host so below is what written for every 15 minutes for one day in the log I am already using "Secure ABC" | search source = host which
filters and gives the below format but i need to calculate actual count (2345678-2340000) which is 5678 hitting 15 minutes like wise I have to find the count for whole day from the log. Any idea how to find difference

20140/09/28 06:45:00 Secure ABC : 2340000
20140/09/28 07:00:00 Secure ABC : 2345678
20140/09/28 07:15:00 Secure ABC : 2348900

ulrich_track · ‎10-02-2014

I would:
1. Extract the hits as a field with the field extractor
2. use delta count(yourfieldname) AS diff

ulrich_track · ‎10-07-2014

Here is the regex for extracting the field with the Field Extractor (Hits):
(?i) ABC : (?P.+)

And here is the statement I put in the search field:
| table date_month date_mday date_hour date_minute Hits | delta Hits as tempdiff | eval Difference=tempdiff*(-1)

I am first creating a table to display the time and the extracted field, which I called "Hits". Then I calculated the difference using the delta command. To remove the negative prefix, I multiplied the field with -1.

How to calculate the number of requests occurring per host from the search result

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life