Splunk Lantern

Trends in application errors over time

Most applications are coded to emit errors, warnings, and other problems to log files as they occur. It's not uncommon for applications to continuously emit a steady stream of errors. However, sudden increases in the volume of errors or a rise in error volumes over time might be a sign of a problem with the application. You want to monitor for spikes.

    How to use Splunk software for this use case

    1. Check that you have correctly installed and configured an application performance monitoring add-on.
    2. Run the following search. You can optimize it by specifying an index and adjusting the time range.
      host = <host to look at> 
      (error OR fail* OR warn)
      | timechart span=5m count
      

    Search explanation

    Splunk Search                 Explanation
    host=<host to look at>        Search a specific host.
    (error OR fail* OR warn)      Find any application log events containing words such as “error”, “fail*”, or “warn”.
    | timechart span=5m count     Graph the count of matching events in 5-minute intervals.

    Next steps

    The result of this search is a bar chart that shows the frequency of errors over time. This is useful to see if errors occur more frequently at certain times. If so, look for a correlation with load or release dates of new code or patches. 
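The chart leaves spotting a spike to the eye. As an added example (not part of the original page and not Splunk code), the following Python reproduces the search's 5-minute bucketing over constructed log lines and flags buckets that rise above a trailing baseline. The regex approximation of the search terms, the window size, the 3-sigma threshold, the minimum count, and all function names are assumptions.

```python
import re
import statistics
from collections import Counter
from datetime import datetime, timedelta

# Approximates the search terms error OR fail* OR warn (whole words, any case).
PATTERN = re.compile(r"\b(error|fail\w*|warn)\b", re.IGNORECASE)
SPAN = timedelta(minutes=5)  # same bucket size as span=5m


def bucket_counts(lines):
    """Return {bucket_start: matching_event_count}, with empty buckets filled as 0."""
    counts = Counter()
    for line in lines:
        stamp, _, message = line.partition(" ")
        if PATTERN.search(message):
            ts = datetime.fromisoformat(stamp).replace(second=0, microsecond=0)
            counts[ts - timedelta(minutes=ts.minute % 5)] += 1
    if not counts:
        return {}
    start, end = min(counts), max(counts)
    filled = {}
    while start <= end:
        filled[start] = counts.get(start, 0)
        start += SPAN
    return filled


def find_spikes(series, window=6, sigmas=3.0, min_count=5):
    """Flag buckets above trailing mean + sigmas * stdev (assumed thresholds)."""
    times, values, spikes = list(series), list(series.values()), []
    for i in range(window, len(values)):
        history = values[i - window:i]
        threshold = statistics.mean(history) + sigmas * statistics.pstdev(history)
        if values[i] >= min_count and values[i] > threshold:
            spikes.append(times[i])
    return spikes


def sample_lines():
    """Constructed log lines: a steady 2 errors per bucket, then a burst of 20."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for b in range(8):
        n = 20 if b == 7 else 2
        for k in range(n):
            lines.append(f"{(base + b * SPAN + timedelta(seconds=k)).isoformat()} ERROR db timeout")
        lines.append(f"{(base + b * SPAN).isoformat()} INFO request ok")
    return lines
```

The `min_count` floor keeps a quiet application, whose baseline is near zero, from flagging every isolated error as a spike.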

    Additionally, you might need to detect trends in application errors over time when using stack traces to detect application errors.