Being relatively new to Splunk, I was hoping somebody might be able to help. I'm trying to setup a trend analysis for certain URI's being attempted against many web instances across many hosts. I'd like to start trending for each uri (there are only a few uri's) hit, per web instance, per host, for each day to gather summary statistics.
You need to add those URL's in a variable. Then you need to construct your query like below.
index=indexname | timechart count by host
Thanks sanylscream. Is there a way to add my uri variables in the same search statement?
You will have to be more specific. Do you have a sample query that gets the data you are interested in, and a sample format of how you would like the trending report to look?
So for example, let's say I have 3 URI's that we see in our access.log; /myhome/bob.html, /yourhome/sarah.html, and /reji.jsp. I'd like to trend how often we see each occurrence on each web instance and host per day to starting gather summary statistics. So I'd like my dashboard to include hits per day for each web instance where found, and also summary statics for each hit - ie /reji.jsp was found on web-instance1,2,3, etc X-number of times this month.