Splunk Search

Trend analysis for summary statistics

stlimanika
New Member

Being relatively new to Splunk, I was hoping somebody might be able to help. I'm trying to setup a trend analysis for certain URI's being attempted against many web instances across many hosts. I'd like to start trending for each uri (there are only a few uri's) hit, per web instance, per host, for each day to gather summary statistics.

Tags (1)
0 Karma

sandyIscream
Communicator

You need to add those URL's in a variable. Then you need to construct your query like below.

index=indexname | timechart count by host

0 Karma

stlimanika
New Member

Thanks sanylscream. Is there a way to add my uri variables in the same search statement?

0 Karma

DalJeanis
Legend

You will have to be more specific. Do you have a sample query that gets the data you are interested in, and a sample format of how you would like the trending report to look?

0 Karma

stlimanika
New Member

So for example, let's say I have 3 URI's that we see in our access.log; /myhome/bob.html, /yourhome/sarah.html, and /reji.jsp. I'd like to trend how often we see each occurrence on each web instance and host per day to starting gather summary statistics. So I'd like my dashboard to include hits per day for each web instance where found, and also summary statics for each hit - ie /reji.jsp was found on web-instance1,2,3, etc X-number of times this month.

0 Karma
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...