You might need to detect trends in application errors over time when doing the following:
Prerequisites
In order to execute this procedure in your environment, the following data, services, or apps are required:
Example
Most applications are coded to emit errors, warnings, and other problems to log files as they occur. It's not uncommon for applications to continuously emit a steady stream of errors. However, sudden increases in the volume of errors or a rise in error volumes over time might be a sign of a problem with the application. You want to monitor for spikes.
NOTE: To optimize the search shown below, you should specify an index and a time range.
- Run the following search:
host = <host to look at> (error OR fail* OR warn)
| timechart span=5m count
Search explanation
The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.
| Splunk Search | Explanation |
|---|---|
| host = <host to look at> | Search only one specific host. |
| (error OR fail* OR warn) | Find any application log events containing words such as “error”, “fail*”, or “warn”. |
| \| timechart span=5m count | Graph the search results from the last 5 minutes. |
Result
The result of this search is a bar chart that shows the frequency of errors over time. This is useful to see if errors occur more frequently at certain times. If so, look for a correlation with load or release dates of new code or patches.
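To show what a spike looks like in numbers, the following added example (not part of the original article and not Splunk code) applies the same term filter and 5-minute counting to constructed log lines in Python, then flags any bucket that rises well above the preceding buckets. The log line format, whole-second timestamps, the function names, and the `window`, `sigmas` and `min_count` values are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, pstdev

SPAN = timedelta(minutes=5)  # same bucket size as span=5m
# Approximation of (error OR fail* OR warn); Splunk's own tokenization differs.
TERMS = re.compile(r"\b(error|fail\w*|warn)\b", re.IGNORECASE)

def bucket_counts(lines):
    """Count matching lines per 5-minute bucket, zero-filling quiet buckets."""
    hits = Counter()
    for line in lines:
        stamp, _, message = line.partition(" ")
        if TERMS.search(message):
            ts = datetime.fromisoformat(stamp)
            hits[ts - timedelta(minutes=ts.minute % 5, seconds=ts.second)] += 1
    series, t = [], min(hits, default=None)
    while hits and t <= max(hits):
        series.append((t, hits[t]))
        t += SPAN
    return series

def find_spikes(series, window=6, sigmas=3.0, min_count=5):
    """Flag buckets above mean + sigmas * stdev of the previous `window` buckets."""
    spikes = []
    for i in range(window, len(series)):
        history = [c for _, c in series[i - window:i]]
        threshold = mean(history) + sigmas * pstdev(history)
        t, count = series[i]
        if count >= min_count and count > threshold:
            spikes.append((t, count, round(threshold, 2)))
    return spikes

def sample_log():
    """Constructed sample: a steady trickle of problems, then a burst at 10:40."""
    counts = [2, 1, 2, 3, 2, 1, 2, 2, 12, 2]  # matching events per bucket
    texts = ["ERROR db timeout", "WARN slow response", "request failed"]
    start, lines = datetime(2024, 1, 1, 10, 0), []
    for b, n in enumerate(counts):
        base = start + b * SPAN
        lines.append(f"{base.isoformat()} INFO request ok")  # must not match
        for k in range(n):
            stamp = (base + timedelta(seconds=20 * k)).isoformat()
            lines.append(f"{stamp} {texts[k % 3]}")
    return lines

if __name__ == "__main__":
    for t, count, threshold in find_spikes(bucket_counts(sample_log())):
        print(f"{t:%H:%M} count={count} threshold={threshold}")
```

The `min_count` floor keeps a perfectly flat history (standard deviation of zero) from turning every small increase into an alert.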