The search used looks like this:
index=my_sanitized_index_name sourcetype=web_access_logs | timechart count(eval(x_Status < 400)) as Success count(eval(x_Status >= 400)) as Failure | addtotals row=f col=t labelfield=_time | eval SuccessRate = 100 * Success / (Success + Failure)
Where x_Status is the return code from a web server farm's collective access logs.
In its current form, I did a search for the "last 15 minutes". It found 859,984 events and took 25.384 seconds to execute. I need to run this thing to give me stats for the last week. It usually stops working around the third hour.
I am completely new to Splunk, I am certain there is a better way to do this. I just don't know what that is. Help?
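A leaner form of the same search, added here as an example and not taken from the original post or from any answer to it: it pins the time range and bucket span, ships only the two fields timechart needs back from the indexers, and keeps the totals row before computing the rate. The index, sourcetype and field names are the ones from the question; the one-hour span is an assumption.

```spl
index=my_sanitized_index_name sourcetype=web_access_logs earliest=-7d@d latest=now
| fields _time x_Status
| timechart span=1h count(eval(x_Status < 400)) AS Success count(eval(x_Status >= 400)) AS Failure
| addtotals row=f col=t labelfield=_time
| eval SuccessRate = round(100 * Success / (Success + Failure), 2)
```

Events where x_Status is missing or non-numeric satisfy neither eval condition and silently drop out of both counts; add a plain `count AS Total` to the timechart if you want to see them.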