Splunk Search

Trend analysis for summary statistics

stlimanika
New Member

Being relatively new to Splunk, I was hoping somebody might be able to help. I'm trying to setup a trend analysis for certain URI's being attempted against many web instances across many hosts. I'd like to start trending for each uri (there are only a few uri's) hit, per web instance, per host, for each day to gather summary statistics.

Tags (1)
0 Karma

sandyIscream
Communicator

You need to add those URL's in a variable. Then you need to construct your query like below.

index=indexname | timechart count by host

0 Karma

stlimanika
New Member

Thanks sanylscream. Is there a way to add my uri variables in the same search statement?

0 Karma

DalJeanis
Legend

You will have to be more specific. Do you have a sample query that gets the data you are interested in, and a sample format of how you would like the trending report to look?

0 Karma

stlimanika
New Member

So for example, let's say I have 3 URI's that we see in our access.log; /myhome/bob.html, /yourhome/sarah.html, and /reji.jsp. I'd like to trend how often we see each occurrence on each web instance and host per day to starting gather summary statistics. So I'd like my dashboard to include hits per day for each web instance where found, and also summary statics for each hit - ie /reji.jsp was found on web-instance1,2,3, etc X-number of times this month.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...