jwkidd3 · September 18, 2018 22:12 · alyeung · Sep 18, 2018
diff --git a/splunk b/splunk
 sourcetype="access_combined_wcookie" status=200|stats count as views count(eval(action="addtocart")) as addtocart count(eval(action="purchase")) as purchases by productName |eval viewstopurchases=(purchases/views) *100| eval carttopurchases=(purchases/addtocart) *100| table productName views addtocart purchases viewstopurchases carttopurchases | rename productName as "Product Name", views as "Views", addtocart as "Adds to Cart", purchases as "Purchases"

 Field Extraction
 (?i)^(?:[^"]*"){8}\s+(?P<response>.+)

 index=main sourcetype=access_combined| eval browser=useragent|replace *Firefox* with Firefox , *Chrome* with Chrome, *MSIE* with IE, *Version*Safari* with Safari , *Opera* with Opera in browser|top limit=5 useother=t browser

 index=main sourcetype=access_combined| eval os=useragent|replace *Windows* with Windows, *Macintosh* with Apple, *Linux* with Linux in os| top limit=3 useother=t os

 index=main sourcetype=access_combined|stats dc(clientip) as Referals by referer_domain|sort - Referals

 index=main sourcetype=access_combined uri_path="/addItem" OR uri_path="/checkout" | chart count(eval(like(status,"2%"))) as Success, count(eval(like(status,"4%")OR like(status,"5%"))) as Error by uri_path| addcoltotals label=Total labelfield=uri_path

 index=main sourcetype=access_combined | timechart span=6h avg(response) AS avgResp | eval avgResp=round(avgResp/1000,2)

 index=main sourcetype=access_combined uri_path="/viewItem" OR uri_path="/addItem" status=200|dedup JSESSIONID uri_path item|chart count(eval(uri_path="/viewItem")) as view, count(eval(uri_path="/addItem")) as add by item|sort - view|head 10|eval cart_conversion=round(add/view*100)."%"

 index=main sourcetype=log4j |  transaction maxspan=4h threadId| timechart span=6h max(duration) as max, mean(duration) as mean, min(duration) as min

 index=main sourcetype=log4j perfType="MEMORY"|eval mem_used_pc=round((mem_used/mem_total)*100)|eval mem_remaining_pc=(100-mem_used_pc)|timechart span=15m avg(mem_used_pc) as mem_used avg(mem_remaining_pc) as mem_remaining

 index=main sourcetype=log4j perfType="DB"| eval threshold=con_total/100*70 | where con_used>=threshold | timechart span=2h count(con_used) as CountOverThreshold

 index=main sourcetype=access_combined |transaction JSESSIONID startswith="GET /home" endswith="checkout"|stats avg(duration) as avg_checkout_time

 index=main sourcetype=access_combined |transaction JSESSIONID startswith="GET /home" endswith="checkout" maxpause=29s maxspan=30m maxevents=300|stats avg(duration) as avg_checkout_time

 index=main sourcetype=access_combined | join JSESSIONID usetime=true earlier=false  [search index=main sourcetype=log4j|transaction threadId maxspan=5m|eval JSESSIONID=sessionId] | stats avg(duration) as avg_time

 https://www.surveymonkey.com/r/J3J6CL7
 [email protected]
	sourcetype="access_combined_wcookie" status=200\|stats count as views count(eval(action="addtocart")) as addtocart count(eval(action="purchase")) as purchases by productName \|eval viewstopurchases=(purchases/views) 100\| eval carttopurchases=(purchases/addtocart) 100\| table productName views addtocart purchases viewstopurchases carttopurchases \| rename productName as "Product Name", views as "Views", addtocart as "Adds to Cart", purchases as "Purchases"

	Field Extraction
	(?i)^(?:[^"]*"){8}\s+(?P<response>.+)

	index=main sourcetype=access_combined\| eval browser=useragent\|replace Firefox with Firefox , Chrome with Chrome, MSIE with IE, VersionSafari* with Safari , Opera with Opera in browser\|top limit=5 useother=t browser

	index=main sourcetype=access_combined\| eval os=useragent\|replace Windows with Windows, Macintosh with Apple, Linux with Linux in os\| top limit=3 useother=t os

	index=main sourcetype=access_combined\|stats dc(clientip) as Referals by referer_domain\|sort - Referals

	index=main sourcetype=access_combined uri_path="/addItem" OR uri_path="/checkout" \| chart count(eval(like(status,"2%"))) as Success, count(eval(like(status,"4%")OR like(status,"5%"))) as Error by uri_path\| addcoltotals label=Total labelfield=uri_path

	index=main sourcetype=access_combined \| timechart span=6h avg(response) AS avgResp \| eval avgResp=round(avgResp/1000,2)

	index=main sourcetype=access_combined uri_path="/viewItem" OR uri_path="/addItem" status=200\|dedup JSESSIONID uri_path item\|chart count(eval(uri_path="/viewItem")) as view, count(eval(uri_path="/addItem")) as add by item\|sort - view\|head 10\|eval cart_conversion=round(add/view*100)."%"

	index=main sourcetype=log4j \| transaction maxspan=4h threadId\| timechart span=6h max(duration) as max, mean(duration) as mean, min(duration) as min

	index=main sourcetype=log4j perfType="MEMORY"\|eval mem_used_pc=round((mem_used/mem_total)*100)\|eval mem_remaining_pc=(100-mem_used_pc)\|timechart span=15m avg(mem_used_pc) as mem_used avg(mem_remaining_pc) as mem_remaining

	index=main sourcetype=log4j perfType="DB"\| eval threshold=con_total/100*70 \| where con_used>=threshold \| timechart span=2h count(con_used) as CountOverThreshold

	index=main sourcetype=access_combined \|transaction JSESSIONID startswith="GET /home" endswith="checkout"\|stats avg(duration) as avg_checkout_time

	index=main sourcetype=access_combined \|transaction JSESSIONID startswith="GET /home" endswith="checkout" maxpause=29s maxspan=30m maxevents=300\|stats avg(duration) as avg_checkout_time

	index=main sourcetype=access_combined \| join JSESSIONID usetime=true earlier=false [search index=main sourcetype=log4j\|transaction threadId maxspan=5m\|eval JSESSIONID=sessionId] \| stats avg(duration) as avg_time

	https://www.surveymonkey.com/r/J3J6CL7
	[email protected]
No results found