Hi Team,
I am new to the Splunk portal. I have to search on multiple hosts for HTTP hits and display the result in a single graph by the application names hosted on the hosts, not by hostname.
Query is
host="*" source="/home/abc/tomcat/logs/localhost_access_log.txt" | chart count over host by date_wday | fields host monday tuesday wednesday thursday friday saturday sunday
This query displays HTTP traffic by hostname, but I want to replace the hostname with the respective application name.
Wanna show the application name instead of the hostname on the graph with HTTP counts.
Looking forward to your help.
Thanks
Hello Ravi,
If you have your appname extracted, then
host="*" source="/home/abc/tomcat/logs/localhost_access_log.txt"|timechart count(application) by _time should work for you on a dashboard. _time can be replaced according to your requirement by other date fields.
Make a query and see in the search app if it's giving you the desired result, or you may need to tweak it a bit.
If the application name is in a field or is in the data coming from the hosts, then you can extract a field for the application.
If neither of the above cases applies, then make a lookup file with host and respective application columns, and use the application name in the search.
Yes, you can use the replace command, but count first and then apply the case/replace command. You can do a column chart to show your stats. Thanks
e.g.
host="*" source="/home/abc/tomcat/logs/app_error_log.txt" | chart count by host | eval teamname=case(host="1234", "abc", host="5678", "def") | fields teamname, count
Hi Team,
I did not have the application name in the application error logs (can't be extracted).
Please help if, using replace ... with or the case functionality, I can display the name of the application in place of the host name.
host="*" source="/home/abc/tomcat/logs/app_error_log.txt" | eval teamname=case(host="1234", "abc", host="5678", "def") |chart count by teamname
Thanks,
Ravinder
Thanks Kml, for the response.
I extracted the field but don't know how to fit that field in the query. I have extracted it as appname.
Can you please help me to get this in the query with respect to the hostname?
Thanks
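The lookup-file approach suggested in the thread, applied to the original access-log chart, as an added example that is not part of any post. It assumes a hypothetical lookup file named host_to_app.csv with a header row host,application and one row per host (for instance 1234,abc and 5678,def, the constructed values used in the thread); hosts missing from the file are charted as "unmapped: <host>" instead of being dropped silently.

```spl
host="*" source="/home/abc/tomcat/logs/localhost_access_log.txt"
| lookup host_to_app.csv host OUTPUT application
| eval application=coalesce(application, "unmapped: ".host)
| chart count over application by date_wday
| fields application monday tuesday wednesday thursday friday saturday sunday
```

Several hosts that map to the same application are summed into one row, which the host-based chart could not do.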