Hi,
I am new to Splunk and I managed to construct the below query to generate statistics with the help of the answer from richgalloway user.
I just want to group by the language and calculate the count of such occurences.
sample log, the url link starts with http, as I cant post any links directly now.
Aug 03 07:53:34 servername_APP_LOG [IN_PROD][12345678][APP_LOG][note] abc(NewService): Id(125678)[RESP][1.2.3.4] Globid(45678912): REQ=ABC.ElectronicsService,Customer=JIKL,NUM=34872,HTTPRES="200 OK",Fromcache=true,Result="",Op_name=ABCElectronicsService.getallpages.v1.0,Receive=Accepted,Policy=onepermin,Value=345,time=1,spent=2,Size=2,RspSize=123,Format=json,Actual=,remaining=2.3.4.5,Rest="GET url starting with http/salo/vbghj/gr/gr/val/prot/34567",Rwe="",Notice="",GH="version 1.1"
My current query(query is fine) by the help of richgalloway user in my previous question
"[APP_LOG]" "[IN_PROD]"
| rex "https?:\/\/.*?\/.*?\/(?<language>\w\w\/\w\w)\/"
| rex "rest=\"(?<Request>\w+)"
| stats count as RequestCount count(Customer=*) count(eval(HTTPRES="200 OK")) as SuccessCount count(eval(HTTPRES!="200 OK")) as FailureCount values(language) as Language values(Request) as Request by Customer, REQ
| table Customer, REQ, RequestCount, SuccessCount, FailureCount, Request, Language
I would like to get the table as follows, difference is just to get the count based on language instead of Requestcount and get the corresponding language.
Customer REQ Countperlanguage SuccessCount Failure Request Language
JIKL ABC.ElectronicsService 3 5 3 2 GET gr/gr
Tried like below grouping but it dint work.
"[APP_LOG]" "[IN_PROD]"
| rex "https?:\/\/.*?\/.*?\/(?<language>\w\w\/\w\w)\/"
| rex "rest=\"(?<Request>\w+)"
| stats count as RequestCount count(Customer=*) count(eval(HTTPRES="200 OK")) as SuccessCount count(eval(HTTPRES!="200 OK")) as FailureCount values(language) as Language values(Request) as Request by Customer, REQ, Language
| stats count as langcount count(Language)
| table Customer, REQ, langcount, SuccessCount, Failure, Request, Language
