When analyzing web requests, events often overlap with one another because multiple users issue requests concurrently. By identifying these overlapping requests and understanding the concurrency of events, you will gain a clearer picture of the true demand for resources and of consumer demand.
In this recipe, you will write a Splunk search to find the number of concurrent checkouts over a given period of time. You will then graphically display this value on a dashboard using the line chart visualization.
To step through this recipe, you will need a running Splunk Enterprise server, with the sample data loaded from Chapter 1, Play Time – Getting Data In. You should have also completed the earlier recipes in this chapter and be familiar with navigating the Splunk user interface.
Follow the steps in this recipe to identify the number of concurrent checkouts over a given period of time:
index=main sourcetype=access_combined | transaction JSESSIONID startswith="GET /home" endswith="checkout" | concurrency duration=duration | timechart max(concurrency) AS "Concurrent Checkouts"
Count as the title and click anywhere on the page. Your line chart visualization should now look similar to the following example:
cp06_concurrent_checkouts in the Title field and then click on Save.
Let's break down the search piece by piece:
Search fragment | Description |
---|---|
 | You should be familiar with this search from the earlier recipes in this chapter. It is used to return events from the website access log. |
 | Using the |
 | The |
 | The |
The concurrency command is a useful way of calculating concurrent events without using too much logic. In this recipe, you were able to use the command to identify the maximum number of concurrent checkouts throughout the day.
For more information on the concurrency command, visit http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Concurrency.
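To make the search pipeline concrete, the following Python sketch (an added example, not code from the book or from Splunk) reproduces the three stages on a handful of constructed events. It assumes that a span covers the half-open interval from start to start + duration, that a repeated `GET /home` restarts a session's span, and that sessions which never reach checkout are discarded; the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample events: (JSESSIONID, epoch seconds, request line).
EVENTS = [
    ("S1", 0, "GET /home"), ("S1", 50, "POST /checkout"),
    ("S2", 10, "GET /home"), ("S2", 40, "POST /checkout"),
    ("S3", 20, "GET /home"), ("S3", 90, "POST /checkout"),
    ("S4", 70, "GET /home"),                      # never checks out
    ("S6", 75, "GET /home"), ("S6", 80, "GET /product"),
    ("S6", 85, "POST /checkout"),
    ("S5", 100, "GET /home"), ("S5", 130, "POST /checkout"),
]

def transactions(events):
    """Stage 1: group by session; open on 'GET /home', close on 'checkout'.
    Returns (start, duration) pairs sorted by start time."""
    open_at, spans = {}, []
    for sid, ts, req in sorted(events, key=lambda e: e[1]):
        if req.startswith("GET /home"):
            open_at[sid] = ts                     # assumption: a new start restarts the span
        elif "checkout" in req and sid in open_at:
            start = open_at.pop(sid)
            spans.append((start, ts - start))
    return sorted(spans)                          # unfinished sessions are dropped

def concurrency(spans):
    """Stage 2: for each span, count the spans running at the moment it starts
    (itself included). Concurrency is sampled only at span starts."""
    rows = []
    for i, (start, dur) in enumerate(spans):
        others = sum(1 for j, (s, d) in enumerate(spans)
                     if j != i and s <= start < s + d)
        rows.append((start, dur, 1 + others))
    return rows

def timechart_max(rows, span=60):
    """Stage 3: bucket rows by start time and keep the maximum per bucket."""
    buckets = defaultdict(int)
    for start, _, n in rows:
        bucket = start - start % span
        buckets[bucket] = max(buckets[bucket], n)
    return dict(sorted(buckets.items()))

if __name__ == "__main__":
    for bucket, peak in timechart_max(concurrency(transactions(EVENTS))).items():
        print(f"t={bucket:>3}s  Concurrent Checkouts={peak}")
```

Because the count is taken only when a transaction starts, the peak is attributed to the time bucket of the latest-starting overlapping session, not to the whole period during which the sessions overlap.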