Re: Get response time from webserver access logs

svr2017 · ‎10-02-2017

Hi,

I am trying to get avg response time in a time frame from below web server access logs.

hostname:port 198.x.x.x - - - [29/Sep/2017:15:20:28 +0000] "POST /vendor-service-v2.1/VendorServiceProvider/v2.1.0 HTTP/1.1" 200 0/18688 1205 "-" "SAP NetWeaver Application Server (1.0;731)".

Here in above logs 0/18688 is the response time ( format is %T( time in seconds)/%D( time in micro seconds)).

Any help is much appreciated.
Thanks

HiroshiSatoh · ‎10-03-2017

Try this!

(your search)|rex field=_raw "^.\".\"\s\d*\s(?< response_time>[0-9/])\s.$"

svr2017 · ‎10-04-2017

I tried this, it isn't giving me any results and sorry my question should be to get the avg response time in a given time frame.

inventsekar · ‎10-03-2017

Hi, you just want to extract the "0/18688" thru rex or something else you want
can you post few more webserver access logs samples please..

svr2017 · ‎10-04-2017

yes I want to extract just that and below are more logs.

hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:17 +0000] "POST /manage-service-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/275844 4581 "-" "IBM WebServices/1.0"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:17 +0000] "POST /manage-service-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/538517 896 "-" "-"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:17 +0000] "POST /manage-ervice-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/242675 2762 "-" "-"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:18 +0000] "POST /manage-service-v1.1/ManageProvider/v1.1.0 HTTP/1.1" 200 0/16996 1249 "-" "-"- 172.23.176.4 - - - [04/Oct/2017:00:05:18 +0000] "GET /" 200 0/1258 195 "-" "-"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:18 +0000] "POST /manage-service-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/23896 1701 "-" "SAP NetWeaver Application Server (1.0;731)"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:19 +0000] "POST /manage-credit-service-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/26037 942 "-" "SAP NetWeaver Application Server (1.0;731)"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:19 +0000] "POST /manage-credit-service-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/248812 987 "-" "IBM WebServices/1.0"

naming syntax -- (?)

svr2017 · ‎10-04-2017

yes I want to extract just that and below are more logs.

hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:17 +0000] "POST /manage-service-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/275844 4581 "-" "IBM WebServices/1.0"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:17 +0000] "POST /manage-service-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/538517 896 "-" "-"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:17 +0000] "POST /manage-ervice-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/242675 2762 "-" "-"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:18 +0000] "POST /manage-service-v1.1/ManageProvider/v1.1.0 HTTP/1.1" 200 0/16996 1249 "-" "-"- 172.23.176.4 - - - [04/Oct/2017:00:05:18 +0000] "GET /" 200 0/1258 195 "-" "-"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:18 +0000] "POST /manage-service-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/23896 1701 "-" "SAP NetWeaver Application Server (1.0;731)"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:19 +0000] "POST /manage-credit-service-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/26037 942 "-" "SAP NetWeaver Application Server (1.0;731)"
hostname:port 192.X.X.X - - - [04/Oct/2017:00:05:19 +0000] "POST /manage-credit-service-v2.1/ManageProvider/v2.1.0 HTTP/1.1" 200 0/248812 987 "-" "IBM WebServices/1.0"

naming syntax -- (?)

Get response time from webserver access logs

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life