Splunk IT Service Intelligence
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to calculate response time from haproxy logs

ravir_jbp
Explorer
‎02-15-2021 10:26 AM

Below are the HP proxy logs format Where in we see Get and post entries along with the status code and response time in milli seconds.(example- 200 (status code) 5715(is response time in miliseconds). I like to calculate the average response time in 1 minute interval.

 

 

Feb 15 12:19:49 localhost haproxy[7046]: XX.XX.XXX.X:41534 [15/Feb/2021:12:19:49.989] xyz rest_service/rest-hostname-port 0/0/0/6/6 200 5715 - - --VN 73/73/7/0/0 0/0 "GET /filterservices/xx/sadfsfsd HTTP/1.1"

Feb 15 12:19:49 localhost haproxy[7046]: XX.XX.XXX.X:50177 [15/Feb/2021:12:19:49.955] xyz rest_service/rest-hostname-port 0/0/0/2/3 200 1541 - - --VN 73/73/7/0/0 0/0 "GET /contentservices/js/feedback_container.js?_=234324255 HTTP/1.1"

Feb 15 12:19:49 localhost haproxy[37427]: XX.XX.XXX.X:56769 [15/Feb/2021:12:19:49.655] xyz sserices/servuce.service-hostname 0/0/0/7/9 200 2848 - - ---- 79/79/1/1/0 0/0 "POST /service/service/select HTTP/1.1"

Labels (1)
Labels
Tags (1)
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-15-2021 07:27 PM

Hi @ravir_jbp,

Additon to @lperini_splunk, below regex should work;

| makeresults
| eval _raw = "Feb 15 12:19:49 localhost haproxy[7046]: XX.XX.XXX.X:41534 [15/Feb/2021:12:19:49.989] xyz rest_service/rest-hostname-port 0/0/0/6/6 200 5715 - - --VN 73/73/7/0/0 0/0 \"GET /filterservices/xx/sadfsfsd HTTP/1.1"
| rex "\s(?:\d\/){4}\d\s\d{3}\s+(?<myresponsetime>[\d]+)\s"
| timechart span=1m avg(myresponsetime)
If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

lperini_splunk
Splunk Employee
Splunk Employee
‎02-15-2021 11:14 AM

I know it is not ideal (the regex is considering the 200 status code and it is hardcoded), but just to ilustrate:

| makeresults
| eval _raw = "Feb 15 12:19:49 localhost haproxy[7046]: XX.XX.XXX.X:41534 [15/Feb/2021:12:19:49.989] xyz rest_service/rest-hostname-port 0/0/0/6/6 200 5715 - - --VN 73/73/7/0/0 0/0 \"GET /filterservices/xx/sadfsfsd HTTP/1.1"
| rex "200\s+(?<myresponsetime>[\d]+)"
| timechart span=1m avg(myresponsetime)
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...