The idea is to load the web server logs into Splunk and write a simple PHP page to connect to Splunk, run a search and chart the results in HTML using the sparkline plugin.

A snippet from the web server log looks like this:

    136.86.41.136 - "GET /jquery.sparkline/ HTTP/1.1" 200 7265 "-" "Mozilla/5.0 (compatible )"
    211.63.36.192 - "GET /jquery.sparkline/ HTTP/1.1" 200 7265 "-" "Mozilla/4.0 (compatible MSIE 7.0 Windows NT 6.0 WOW64 SLCC1. NET CLR 6)"

The first step is to start up an instance of Splunk and load the log data into it. We'll then have the PHP page connect to Splunk and run a search against it to build the sparklines.

If you want to try this yourself, you can download the logs and code used for this example here: Media:sparkline-example.zip and load the log data into your own copy of Splunk (which of course you can download for free).

First we load up the PHP SDK and set some variables to limit the start and end time we're interested in, along with the "bucket size" we want to use. As we want reasonably small sparklines, we want a small number of values: limiting the report to a 5 day window with 2 hour buckets gives us 5*24/2 = 60 values per referrer. We'll just look at a 5 day window when the site was launched. Use 2 hour buckets for reasonable sized sparklines.

We then open up a new connection to the Splunk server (the default is to connect to the one on localhost, used here) and run a search.

    $splunkSession = $splunk->Authenticate()
    // Run a search against the Splunk server
    'search "GET /jquery.sparkline/ " | timechart span=2h count(_raw) by referer_domain useother=f where count in top20',
    Array('start_time'=>$starttime, 'end_time'=>$endtime)
    $results = $search->getJobEvents($job_id, true, null)

Limiting the search to just "GET /jquery.sparkline/ " (note there's a space after that last forward slash) restricts the results to just hits to the main HTML page, excluding the JavaScript components that the browser loads subsequently.