Alerting

Docker log response time metrics

saireddy
Loves-to-Learn Lots

Can you please help, how to construct stats  metrics for the below docker logs.

ThreadID=124;ThreadIDHex=0000007c;ThreadName=[XNIO-2 task-32];Node=XXXXXX;TransID=;ConsumerSenderID=NA;URI=/getBaselinedcategorylist;ServiceName=findXXXX;TranasactionStartTime=;TransactionEndTime=2021-11-05 05:34:34.366;TotalResponseTime=;TransactionStatus=SUCCESS;Method=GET;StatusCode=200;ErrorMsg=;CaptureLocation=MicroserviceResponse;
ThreadID=124;ThreadIDHex=0000007c;ThreadName=[XNIO-2 task-32];Node=XXXXXX;TransID=;ConsumerSenderID=NA;URI=/getBaselinedcategorylist;ServiceName=findXXXX;TranasactionStartTime=2021-11-05 05:34:34.264;TransactionEndTime=;TotalResponseTime=;TransactionStatus=;Method=GET;StatusCode=;ErrorMsg=;CaptureLocation=MicroserviceRequest;


status should give transactioncount , transactionstatus, average, 90thP URI Method.

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What do you have so far?

For example, have you extracted the fields you are interested in or is that the part you need help with?

How do you know these two events are related to each other?

Has _time already been correctly extracted from the log entries for each event?

0 Karma

saireddy
Loves-to-Learn Lots

I tried something like this

index=docker_* source="/applogs/containers/fob*" 
| rex field=source "/applogs/containers/(?<ServiceName>.*?)\."
| stats count(ThreadIDHex) as "Transaction Count" min(_time) as starttime max(_time) as endtime range(_time) as duration by ServiceName URI

Regarding how they are related, threadid and threadihex for both the logs are same. 

Tags (2)
0 Karma

saireddy
Loves-to-Learn Lots

Can anyone help?

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...