Getting Data In

monitoring php

jimmyfallon
New Member

hey!

i want to monitor php. at the moment i use splunk-6.0.2-196940-x64-release.
so for this goal i did the following steps:
1.start page splunk -->add data
2.hoose a data type -->a file or directory of files
3.consume any file on this splunk server -->next
1. set the path to my php log. -->continue
4.set source type -->log4php
5.how can i create a visualization of php?

thanks in advance!

Tags (2)
0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Something like this?

index=your_php_index sourcetype=your_php_sourcetype php fatal error | rex "error:\s*(?<error_message>.+)" | top error_message
0 Karma

martin_mueller
SplunkTrust
SplunkTrust

That search uses the access.log files in www1, www2, www3 directories, as referenced by the sourcetype. top counts the most frequently occurring categoryId field values, and those counts are displayed graphically in a chart.

0 Karma

jimmyfallon
New Member

yes thats a good idea.i downloaded the tutorial data of splunk and after that, i indexed the data with splunk. then i type in the search field sourcetype=access_* status=200 action=purchase | top categoryId. this command creats a chart. but i don't really unterstand how splunk can create that. the source of this chart is the text document vendor_sales, right?

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

You really should go through the tutorial, that answers all those questions.

0 Karma

jimmyfallon
New Member

is that a search query with pipes? at the moment the data of php is indexed. how can i create an visualization? when i open the search button, i see a visualization tab. do i have to configure something inside this tab?

0 Karma

jimmyfallon
New Member

for example:
[22-Apr-2014 14:45:54 Europe/Berlin] PHP Fatal error: Call to a member function init() on a non-object in C:\Web-Sites\test.com\plugins\core.log\class.AJXP_Logger.php on line 297
[22-Apr-2014 14:37:30 Europe/Berlin] PHP Fatal error: Maximum execution time of 60 seconds exceeded in
C:\Web-Sites\test.com\index.php on line 68

the php log is a simple text document.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

I don't see any sample data there.

0 Karma

jimmyfallon
New Member

i use this php log: http://php.net/error-log.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

That depends on what your log events, specifically those with errors, look like.

0 Karma

jimmyfallon
New Member

for example a little overview of the errors. so that i can see very quickly which error appears most frequently.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

Well, what do you want to visualize?

Take a look at http://docs.splunk.com/Documentation/Splunk/6.0.3/SearchTutorial/WelcometotheSearchTutorial for a decent start into basic visualizations.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...