Skip to main content
 
Splunk Lantern

Trends in application errors over time

 

Most applications are coded to emit errors, warnings, and other problems to log files as they occur. It's not uncommon for applications to continuously emit a steady stream of errors. However, sudden increases in the volume of errors or a rise in error volumes over time might be a sign of a problem with the application. You want to monitor for spikes.

Procedure

  1. Check that you have correctly installed and configured an application performance monitoring add-on.
  2. Run the following search. You can optimize it by specifying an index and adjusting the time range.
    host = <host to look at> 
    (error OR fail* OR warn)
    | timechart span=5m count
    

Search explanation

Splunk Search Explanation
host=<host to look at> Search a specific host.
(error OR fail* OR warn) Find any application log events containing words such as “error”, “fail*”, or “warn”.
| timechart span=5m count Graph the search results from the last 5 minutes.

Next steps

The result of this search is a bar chart that shows the frequency of errors over time. This is useful to see if errors occur more frequently at certain times. If so, look for a correlation with load or release dates of new code or patches. 

Additionally, you might need to detect trends in application errors over time when using stack traces to detect application errors.