Trend analysis for summary statistics

stlimanika · ‎12-08-2017

Being relatively new to Splunk, I was hoping somebody might be able to help. I'm trying to setup a trend analysis for certain URI's being attempted against many web instances across many hosts. I'd like to start trending for each uri (there are only a few uri's) hit, per web instance, per host, for each day to gather summary statistics.

sandyIscream · ‎12-12-2017

You need to add those URL's in a variable. Then you need to construct your query like below.

index=indexname | timechart count by host

stlimanika · ‎12-13-2017

Thanks sanylscream. Is there a way to add my uri variables in the same search statement?

DalJeanis · ‎12-08-2017

You will have to be more specific. Do you have a sample query that gets the data you are interested in, and a sample format of how you would like the trending report to look?

stlimanika · ‎12-08-2017

So for example, let's say I have 3 URI's that we see in our access.log; /myhome/bob.html, /yourhome/sarah.html, and /reji.jsp. I'd like to trend how often we see each occurrence on each web instance and host per day to starting gather summary statistics. So I'd like my dashboard to include hits per day for each web instance where found, and also summary statics for each hit - ie /reji.jsp was found on web-instance1,2,3, etc X-number of times this month.

Trend analysis for summary statistics

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!