Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Aggregating uri_paths with unique value

tamnor
Explorer
‎11-27-2012 01:04 PM

Hi all

I am using Splunk to gather info on usage and performance of various web applications . I am interested to know how many times certain http transactions are performed over a timeframe and what the average, min and max response times are for each transaction. I can run a query like ..

index=arena_repairs_uat | stats count avg(responseTime) BY uri_path

and this gives me a pretty good report aggregating all the different types of http request with the number of times it was sent and the average response time.

However some of the http requests have a dynamic unique repair id value in them such as ...

/arena/repair/motor/12434/addNewQuoteForEachRepairer.ajax

I want to tell the search to ignore the unique repair id and treat these as the same type of request. With the above request it treats these as separate request types.

I know I can do a search like ..

index=arena_repairs_uat uri_path="/arena/repair/motor/*/addNewQuoteForEachRepairer.ajax"

to group all these requests together in a single search but I need to incorporate this in the initial search that gets info on all request types and their count and average response times.

Any help would be much appreciated.

Tags (2)
0 Karma
Reply

tamnor
Explorer
‎11-27-2012 03:30 PM

Thanks jonuwz for the quick response. That works perfectly. Cheers.

0 Karma
Reply

jonuwz
Influencer
‎11-27-2012 01:36 PM

You can strip out the numbers with rex mode=sed like this :

... | rex field=uri_path mode=sed "s/repair\/motor\/[0-9]+/repair\/motor/"

assuming the repair id is always just numbers

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...