Most used assets of a web application
Your application support team wants to use the Splunk platform with web access logs to see which web assets are used most. You need to make sure your deployment is configured correctly and create a search they can use.
To complete this process, your deployment needs to ingest normalized data, populating the Web data model in the Common Information Model (CIM). For information on installing and using the CIM, see the Common Information Model documentation.
- To verify you are searching for normalized web data, run the following search. You can optimize it by specifying an index and adjusting the time range.
earliest=-1day index=* tag=web | head 10
- Do one of the following:
- If you do not receive results, check that you have correctly installed and configured a web data add-on, such as Splunk Add-on for Apache Web Server or Splunk Add-on for Microsoft IIS.
- If you receive results, run the following search:
tag=web | stats count BY uri_path, status | sort limit=20 -count
The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.
|tag=web||Search for events that are tagged as web events.|
|| stats count BY uri_path, status||Count the number of events and group them by URI and status.|
|| sort limit=20 -count||Sort the top 20 results with the largest count first.|
You can use this information to troubleshoot production issues for users and identify areas to improve navigation or performance.
You might need to find out which parts of your application are used most when monitoring web application performance.