Trends in application errors over time
Most applications are coded to emit errors, warnings, and other problems to log files as they occur. It's not uncommon for applications to continuously emit a steady stream of errors. However, sudden increases in the volume of errors or a rise in error volumes over time might be a sign of a problem with the application. You want to monitor for spikes.
Data required
Procedure
- Check that you have correctly installed and configured an application performance monitoring add-on.
- Run the following search. You can optimize it by specifying an index and adjusting the time range.
host = <host to look at> (error OR fail* OR warn) | timechart span=5m count
Search explanation
Splunk Search | Explanation |
---|---|
host=<host to look at> | Search a specific host. |
(error OR fail* OR warn) | Find any application log events containing words such as “error”, “fail*”, or “warn”. |
| timechart span=5m count | Graph the search results from the last 5 minutes. |
Next steps
The result of this search is a bar chart that shows the frequency of errors over time. This is useful to see if errors occur more frequently at certain times. If so, look for a correlation with load or release dates of new code or patches.
Additionally, you might need to detect trends in application errors over time when using stack traces to detect application errors.