Solved: Aggregated HTTP Status Code per URL per a time bin...

brokenboard525 · ‎04-12-2024

Hi,

I have the following fields in logs on my proxy for backend services

_time -> timestamp
status_code -> http status code
backend_service_url -> app it is proxying

What I want to do is aggregate status codes by the minute per URL for each status code.
So sample output would look like:

time	backend-service	Status code 200	Status code 201	status code 202
10:00	app1.com	10		2
10:01	app1.com		10
10:01	app2.com	10

Columns would be dynamic based on the available status codes in the timeframe I am searching.

I found lot of questions on aggregating all 200's into 2xx or total counts by URL but not this. Appreciate any suggestions on how to do this.

Thanks!

ITWhisperer · ‎04-12-2024

| bin _time span=1m
| stats count by _time backend_service_url status_code
| eval {status_code}=count
| fields - status_code count
| stats values(*) as * by _time backend_service_url

View solution in original post

ITWhisperer · ‎04-12-2024

| bin _time span=1m
| stats count by _time backend_service_url status_code
| eval {status_code}=count
| fields - status_code count
| stats values(*) as * by _time backend_service_url

brokenboard525 · ‎04-12-2024

Right now!

What is the best visualization to plot such multi data sources?
It should illustrate the response codes from each back-end service as the time changes.

Aggregated HTTP Status Code per URL per a time bin/bucket

stats

timechart

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?