Generally web and app server record the response times along with URL, http status code, etc in the access.log. CQ5 however, records response times in their request.log which is a multiline file. Is is possible for splunk to parce the multiline file?
here is some example output of the file:
24/May/2013:10:09:50 -0400 [1638] -> GET /crx/server/crx.default/jcr%3aroot/var.1.json?_dc=1369404590843&node=xnode-264 HTTP/1.1
24/May/2013:10:09:50 -0400 [1638] <- 200 text/plain;charset=utf-8 8ms
24/May/2013:10:10:00 -0400 [1639] -> GET /crx/server/crx.default/jcr%3aroot/libs.1.json?_dc=1369404600880&node=xnode-265 HTTP/1.1
24/May/2013:10:10:00 -0400 [1639] <- 200 text/plain;charset=utf-8 6ms
The 1st line of each is the Request and the second is the response. at the end of the response line it shows you the time in milliseconds it took to process (the metric i'm looking for). For each pair there is a transaction ID that ties the two together. in this example the requests and the responses are next to each other, but on a busy system they could be lines apart in the log file.
How can I leverage splunk with this use case?
... View more