Splunk Lantern

Trends in application errors over time

You might need to detect trends in application errors over time when doing the following:


In order to execute this procedure in your environment, the following data, services, or apps are required:


Most applications are coded to emit errors, warnings, and other problems to log files as they occur. It's not uncommon for applications to continuously emit a steady stream of errors. However, sudden increases in the volume of errors or a rise in error volumes over time might be a sign of a problem with the application. You want to monitor for spikes.

To optimize the search shown below, you should specify an index and a time range. 

  1. Check that you have correctly installed and configured an application performance monitoring add-on.
  2. Run the following search:
    host = <host to look at> 
    (error OR fail* OR warn)
    | timechart span=5m count

Search explanation

| Splunk Search | Explanation |
| --- | --- |
| `host=<host to look at>` | Search a specific host. |
| `(error OR fail* OR warn)` | Find any application log events containing words such as “error”, “fail*”, or “warn”. |
| `\| timechart span=5m count` | Graph the count of matching events in 5-minute intervals. |


The result of this search is a bar chart that shows the frequency of errors over time. This is useful to see if errors occur more frequently at certain times. If so, look for a correlation with load or release dates of new code or patches. 
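To make the "monitor for spikes" step concrete, here is an added Python example (not part of the original article and not Splunk code) that buckets log lines into 5-minute spans the way the search does and flags buckets that rise above a trailing baseline. The log line format, the regex approximation of the search terms, and the `window`, `sigmas`, and `min_count` values are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, pstdev

SPAN = timedelta(minutes=5)  # bucket width, as in span=5m
# Approximates the search terms with word boundaries: "error" and "warn" are
# whole terms (so "warning" is not counted); only fail* is a prefix match.
TERMS = re.compile(r"\b(error|warn|fail\w*)\b", re.IGNORECASE)

def bucket_counts(lines):
    """Events matching TERMS per 5-minute bucket, empty buckets filled with 0."""
    counts = Counter()
    for line in lines:
        stamp, _, message = line.partition(" ")
        if TERMS.search(message):
            ts = datetime.fromisoformat(stamp)
            counts[ts.replace(minute=ts.minute - ts.minute % 5, second=0, microsecond=0)] += 1
    series, t = [], min(counts, default=None)
    while t is not None and t <= max(counts):
        series.append((t, counts[t]))
        t += SPAN
    return series

def find_spikes(series, window=6, sigmas=3.0, min_count=5):
    """Flag buckets whose count exceeds mean + sigmas*stdev of the previous `window` buckets.
    window, sigmas and min_count are assumed tuning values, not from the page."""
    spikes = []
    for i in range(window, len(series)):
        history = [c for _, c in series[i - window:i]]
        threshold = mean(history) + sigmas * pstdev(history)
        t, count = series[i]
        if count >= min_count and count > threshold:
            spikes.append((t, count, round(threshold, 2)))
    return spikes

def sample_log():
    """Constructed sample: 2 errors per bucket from 10:00, then a burst of 12 at 10:35."""
    start, lines = datetime(2024, 1, 1, 10, 0), []
    for b in range(8):
        base = start + b * SPAN
        lines.append(f"{base.isoformat()} WARNING cache nearly full")  # not matched by "warn"
        for k in range(12 if b == 7 else 2):
            ts = base + timedelta(seconds=10 * k)
            lines.append(f"{ts.isoformat()} ERROR payment failed id={b}-{k}")
    return lines

if __name__ == "__main__":
    for t, count, threshold in find_spikes(bucket_counts(sample_log())):
        print(f"{t:%H:%M} count={count} threshold={threshold}")
```

The `min_count` floor keeps a quiet application (for example, a jump from 0 to 1 error) from being reported as a spike.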
