You might need to detect trends in application errors over time when doing the following:
In order to execute this procedure in your environment, the following data, services, or apps are required:
- Splunk Enterprise or Splunk Cloud Platform
- Application server data
Most applications are coded to emit errors, warnings, and other problems to log files as they occur. It's not uncommon for applications to continuously emit a steady stream of errors. However, sudden increases in the volume of errors or a rise in error volumes over time might be a sign of a problem with the application. You want to monitor for spikes.
To optimize the search shown below, you should specify an index and a time range.
- Check that you have correctly installed and configured an application performance monitoring add-on.
- Run the following search:
host = <host to look at> (error OR fail* OR warn) | timechart span=5m count
|Search|Explanation|
|---|---|
|host=<host to look at>|Search a specific host.|
|(error OR fail* OR warn)|Find any application log events containing words such as “error”, “fail*”, or “warn”.|
|\| timechart span=5m count|Graph the count of matching events over time in 5-minute intervals.|
The result of this search is a bar chart that shows the frequency of errors over time. This is useful to see if errors occur more frequently at certain times. If so, look for a correlation with load or release dates of new code or patches.
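One way to turn the chart into a spike check is sketched below. It is an added example, not part of the original procedure. It scopes the search to an index and time range as recommended above, then compares each 5-minute count with a rolling baseline built from the preceding buckets. The index placeholder, the 24-hour range, the 12-bucket (one hour) baseline window and the 3-standard-deviation threshold are assumptions to tune for your data.

```spl
index=<your index> host=<host to look at> (error OR fail* OR warn) earliest=-24h latest=now
| timechart span=5m count
| streamstats current=f window=12 avg(count) AS baseline stdev(count) AS sd
| eval threshold = baseline + (3 * sd)
| where isnotnull(threshold) AND count > threshold
| table _time count baseline threshold
```

Each row returned is a 5-minute interval whose error count exceeded the baseline of the previous hour. On hosts with a very flat error rate the standard deviation approaches zero, so consider adding a minimum count to the `where` clause before alerting on the result.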