Splunk 简单笔记

2024-03-09 09:55:47

Splunk Notes

source="c:\logs\abc.log" 
| rex field=url "(?<=\/)(?<ApiId>\w+?)(?=$|\?)"
| search url != "*/swagger/"
| spath output=timeSpent path=durationInMs
| spath output=status path=data.statusCode
| evel error = if(status != 200, 1, 0)
| stats count as total, avg(timeSpent) as avgTimeSpent, sum(error) as errCount by ApiId
| eval errorRate = round(100 * errCount / total, 2), avgTimeSpent= round(avgSpentTime, 2)
| sort total desc
上一篇:vscode配制perl环境


下一篇:卧槽!perl和C语言实现对比,perl代码量太赞了!