hey!
i want to monitor php. at the moment i use splunk-6.0.2-196940-x64-release.
so for this goal i did the following steps:
1.start page splunk -->add data
2.hoose a data type -->a file or directory of files
3.consume any file on this splunk server -->next
1. set the path to my php log. -->continue
4.set source type -->log4php
5.how can i create a visualization of php?
thanks in advance!
Something like this?
index=your_php_index sourcetype=your_php_sourcetype php fatal error | rex "error:\s*(?<error_message>.+)" | top error_message
That search uses the access.log files in www1, www2, www3 directories, as referenced by the sourcetype
. top
counts the most frequently occurring categoryId
field values, and those counts are displayed graphically in a chart.
yes thats a good idea.i downloaded the tutorial data of splunk and after that, i indexed the data with splunk. then i type in the search field sourcetype=access_* status=200 action=purchase | top categoryId. this command creats a chart. but i don't really unterstand how splunk can create that. the source of this chart is the text document vendor_sales, right?
You really should go through the tutorial, that answers all those questions.
is that a search query with pipes? at the moment the data of php is indexed. how can i create an visualization? when i open the search button, i see a visualization tab. do i have to configure something inside this tab?
for example:
[22-Apr-2014 14:45:54 Europe/Berlin] PHP Fatal error: Call to a member function init() on a non-object in C:\Web-Sites\test.com\plugins\core.log\class.AJXP_Logger.php on line 297
[22-Apr-2014 14:37:30 Europe/Berlin] PHP Fatal error: Maximum execution time of 60 seconds exceeded in
C:\Web-Sites\test.com\index.php on line 68
the php log is a simple text document.
I don't see any sample data there.
i use this php log: http://php.net/error-log.
That depends on what your log events, specifically those with errors, look like.
for example a little overview of the errors. so that i can see very quickly which error appears most frequently.
Well, what do you want to visualize?
Take a look at http://docs.splunk.com/Documentation/Splunk/6.0.3/SearchTutorial/WelcometotheSearchTutorial for a decent start into basic visualizations.