Solved: How to display requests_currently_being_processed ...

splunkman341 · ‎05-20-2015

Hi guys,

So today I am trying to graph "requests_currently_being_processed" by server by time- over 1 hour period.

The log which I am trying to form the search from is as follows:

Can someone please lend me a land? If you need any clarification, please let me know how I can help.

Thanks

woodcock · ‎07-31-2015

The quickest way is as follows:

... | rex "requests_per_second=(?<requests_per_second>[^,]*)," | timechart span=1h avg(requests_per_second) BY server

View solution in original post

woodcock · ‎07-31-2015

The quickest way is as follows:

... | rex "requests_per_second=(?<requests_per_second>[^,]*)," | timechart span=1h avg(requests_per_second) BY server

richgalloway · ‎05-20-2015

What have you tried so far? Regex should be unnecessary since your data is already in keyword=value format so Splunk can automatically extract the fields.

---
If this reply helps you, Karma would be appreciated.

splunkman341 · ‎05-20-2015

I have tried doing :

index=mobile_app sourcetype=apache_status_log "requests_per_second=" | timechart span=1d limit=5 count by host

But that is not correct. I want it to display all the requests per second over an hour span for each of the hosts.

richgalloway · ‎05-20-2015

How is it not correct? The host field is not necessarily the name of the server that processed the request. I believe you want index=mobile_app sourcetype=apache_status_log "requests_per_second" | timechart span=1h limit=5 values(requests_per_second) by ServerName.

---
If this reply helps you, Karma would be appreciated.

How to display requests_currently_being_processed = (number) ?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life