Sumeet Kumar Yadav
Reputation: 12995
Splunk group by request url count
I have a below event listed in Splunk. It logs the distinct API call made to services. Like in below example my-bag , my-basket , my-cart as distinct services and URL pattern of call is always /api/{service-name}/{v1 or v2 }/{ method name}? token = {dynamic token}. How to group by its service and get the respective count.
Group By output
Service Count
-----------
my-bag 2
my-basket 2
my-cart 1
Logs
[host=abc.com request="GET /api/my-bag/v1/add?token=8989khk768yb887" status="200" ]
[host=abc.com request="GET /api/my-basket/v1/max?token=798797hjkhjkjgh8" status="200" ]
[host=abc.com request="GET /api/my-cart/v1/add?token=78765hghjgjh" status="200" ]
[host=abc.com request="GET /api/my-bag/v1/add?token=799865mnbjhgj6" status="200" ]
[host=abc.com request="GET /api/my-basket/v1/count?token=787jkhkjhk" status="200" ]
Upvotes: 1
Views: 1373
Answers (1)
PM 77-1
Reputation: 13344
Something like this:
your original search
| rex "(GET|POST|DELETE|PATCH) /api/(?<service>[\w\-]+)/"
| stats count by service
Upvotes: 3
Related Questions
- Splunk query - Total or Count by field
- Splunk group by stats with where condition
- Output counts grouped by field values by for date in Splunk
- Count and sum in splunk
- Splunk: count by Id
- Splunk count 2 different fields with two different group by without displaying them
- How to find traffic and number of hits per URL in Splunk?
- How get max count of request in time in splunk
- Splunk Query Count of Count
- How to get the number of "unique" request with splunk