Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Getting Data In
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Reading Apache server-status output
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Reading Apache server-status output
mhouts001
Engager
07-25-2011
08:46 AM
Has anyone tried to have splunk parse the output of the machine readable apache server-status page, e.g http://$apachehost/server-status?auto
I need to keep track of the status of workers, whether they are waiting, logging, etc.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ThomasKoeberlei
Explorer
10-20-2016
08:24 AM
Hi,
needed to change the line;
$body=~ m/<dt>([^\s]+) requests\/sec - ([^\s]+) (k*B)\/second - ([^\s]+) (k*B)\/request<\/dt>/;
to:
$body=~ m/<dt>([^\s]+) requests\/sec - ([^\s]+) (k*B)\/second - ([^\s]+) ([k,M]*B)\/request<\/dt>/;
regards,
-thomas
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
LK
Engager
08-02-2011
08:58 AM
Hi,
I fixed a few typos and extended the script to work on lower-traffic servers and to provide CPU usage:
#!/usr/bin/perl
###
#Simple script to parse Apache Server statistics for Splunk
###
use LWP::UserAgent;
@apache_urls=("http://server1/server-status","http://server2/server-status");
foreach $url (@apache_urls) {
my $ua = new LWP::UserAgent;
$ua->agent('Splunk Apache Statistics Script');
my $request = HTTP::Request->new('GET');
$request->url($url);
my $response = $ua->request($request);
my $body = $response->content;
### Extract stats
$body=~ m/Apache Server Status for ([^>]+)<\/h1>/;
$server_name=$1;
$body=~ m/Current Time: [^,]+, ([^<]+)<\/dt>/;
$timestamp=$1;
$body=~ m/<dt>([^\s]+) requests\/sec - ([^\s]+) (k*B)\/second - ([^\s]+) (k*B)\/request<\/dt>/;
$request_stats="requests_per_second=$1,$3_per_second=$2,$5_per_request=$4";
$body=~ m/<dt>([^\s]+) requests currently being processed, ([^\s]+) idle workers<\/dt>/;
$processing_stats="requests_currently_being_processed=$1,idle_workers=$2";
$body=~ m/<dt>CPU Usage: u([^\s]+) s([^\s]+) cu.* cs.* - ([^\s]+%) CPU load<\/dt>/;
$cpu_stats="user_cpu=$1,system_cpu=$2,cpu_load=$3";
print "$timestamp,ServerName=$server_name,$request_stats,$processing_stats,$cpu_stats \n";
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
LK
Engager
08-02-2011
03:11 PM
Not sure why all the backslashes doubled themselves. Please be sure to correct that before using the script.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Brian_Osburn
Builder
07-25-2011
09:14 AM
I use a scripted input - I wrote a perl script to make a call to the Apache servers to pull stats..
I'll include the code below to get you started:
#!/usr/bin/perl
###
#Simple script to parse Apache Server statistics for Splunk
###
use LWP::UserAgent;
@apache_urls=("http://server1/server-status","http://server2/server-status","http://server3/server-status","http://server4/server-status");
foreach $url (@apache_urls) {
my $ua = new LWP::UserAgent;
$ua->agent('Splunk Apache Statistics Script');
my $request = HTTP::Request->new('GET');
$request->url($url);
my $response = $ua->request($request);
my $body = $response->content;
### Extract stats
$body=~ m/Apache Server Status for ([^>]+)<\/h1>/;
$server_name=$1;
$body=~ m/Current Time: [^,]+, ([^<]+)<\/dt>/;
$timestamp=$1;
$body=~ m/<dt>([^\s]+) requests\/sec - ([^\s]+) kB\/second - ([^\s]+) kB\/request<\/dt>/;
$request_stats="requests_per_second=$1,kB_per_second=$2,kB_per_request=$3";
$body=~ m/<dt> ([^\s]+) requests currently being processed, ([^\s]+) idle workers<\/dt>/;
$processing_stats="requests_currently_being_processed=$1,idle_workers=$2";
print "$timestamp,ServerName=$server_name,$request_stats,$processing_stats \n";
}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Brian_Osburn
Builder
07-26-2011
10:22 AM
Please accept the answer if it solves your issue.
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mhouts001
Engager
07-25-2011
02:01 PM
Outstanding, thank you. Figured this was the direction to take if there was no direct read of the status page.
Get Updates on the Splunk Community!
AI for AppInspect
We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...
App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community
As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...
Operationalizing Entity Risk Score with Enterprise Security 8.3+
Overview
Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...
