Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Reading Apache server-status output
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reading Apache server-status output
mhouts001
Engager
07-25-2011
08:46 AM
Has anyone tried to have splunk parse the output of the machine readable apache server-status page, e.g http://$apachehost/server-status?auto
I need to keep track of the status of workers, whether they are waiting, logging, etc.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ThomasKoeberlei
Explorer
10-20-2016
08:24 AM
Hi,
needed to change the line;
$body=~ m/<dt>([^\s]+) requests\/sec - ([^\s]+) (k*B)\/second - ([^\s]+) (k*B)\/request<\/dt>/;
to:
$body=~ m/<dt>([^\s]+) requests\/sec - ([^\s]+) (k*B)\/second - ([^\s]+) ([k,M]*B)\/request<\/dt>/;
regards,
-thomas
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
LK
Engager
08-02-2011
08:58 AM
Hi,
I fixed a few typos and extended the script to work on lower-traffic servers and to provide CPU usage:
#!/usr/bin/perl
###
#Simple script to parse Apache Server statistics for Splunk
###
use LWP::UserAgent;
@apache_urls=("http://server1/server-status","http://server2/server-status");
foreach $url (@apache_urls) {
my $ua = new LWP::UserAgent;
$ua->agent('Splunk Apache Statistics Script');
my $request = HTTP::Request->new('GET');
$request->url($url);
my $response = $ua->request($request);
my $body = $response->content;
### Extract stats
$body=~ m/Apache Server Status for ([^>]+)<\/h1>/;
$server_name=$1;
$body=~ m/Current Time: [^,]+, ([^<]+)<\/dt>/;
$timestamp=$1;
$body=~ m/<dt>([^\s]+) requests\/sec - ([^\s]+) (k*B)\/second - ([^\s]+) (k*B)\/request<\/dt>/;
$request_stats="requests_per_second=$1,$3_per_second=$2,$5_per_request=$4";
$body=~ m/<dt>([^\s]+) requests currently being processed, ([^\s]+) idle workers<\/dt>/;
$processing_stats="requests_currently_being_processed=$1,idle_workers=$2";
$body=~ m/<dt>CPU Usage: u([^\s]+) s([^\s]+) cu.* cs.* - ([^\s]+%) CPU load<\/dt>/;
$cpu_stats="user_cpu=$1,system_cpu=$2,cpu_load=$3";
print "$timestamp,ServerName=$server_name,$request_stats,$processing_stats,$cpu_stats \n";
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
LK
Engager
08-02-2011
03:11 PM
Not sure why all the backslashes doubled themselves. Please be sure to correct that before using the script.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Brian_Osburn
Builder
07-25-2011
09:14 AM
I use a scripted input - I wrote a perl script to make a call to the Apache servers to pull stats..
I'll include the code below to get you started:
#!/usr/bin/perl
###
#Simple script to parse Apache Server statistics for Splunk
###
use LWP::UserAgent;
@apache_urls=("http://server1/server-status","http://server2/server-status","http://server3/server-status","http://server4/server-status");
foreach $url (@apache_urls) {
my $ua = new LWP::UserAgent;
$ua->agent('Splunk Apache Statistics Script');
my $request = HTTP::Request->new('GET');
$request->url($url);
my $response = $ua->request($request);
my $body = $response->content;
### Extract stats
$body=~ m/Apache Server Status for ([^>]+)<\/h1>/;
$server_name=$1;
$body=~ m/Current Time: [^,]+, ([^<]+)<\/dt>/;
$timestamp=$1;
$body=~ m/<dt>([^\s]+) requests\/sec - ([^\s]+) kB\/second - ([^\s]+) kB\/request<\/dt>/;
$request_stats="requests_per_second=$1,kB_per_second=$2,kB_per_request=$3";
$body=~ m/<dt> ([^\s]+) requests currently being processed, ([^\s]+) idle workers<\/dt>/;
$processing_stats="requests_currently_being_processed=$1,idle_workers=$2";
print "$timestamp,ServerName=$server_name,$request_stats,$processing_stats \n";
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Brian_Osburn
Builder
07-26-2011
10:22 AM
Please accept the answer if it solves your issue.
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mhouts001
Engager
07-25-2011
02:01 PM
Outstanding, thank you. Figured this was the direction to take if there was no direct read of the status page.
Get Updates on the Splunk Community!
Building Reliable Asset and Identity Frameworks in Splunk ES
Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...
Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting
For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...
Automatic Discovery Part 3: Practical Use Cases
If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...
