I have recently started indexing a private log generated from a Hostmon URL check. The Hostmon check runs during M-F business hours and returns the following basic log information:
[9/8/2016 10:48:55 AM] sitename.com Host is alive 18 ms URL request 27061
I've added the extracted fields for 'site', 'state', 'response_time', 'test_type', 'bytes', but now I want to build reporting around the data and am not very experienced using charting searches with Splunk. The 'state' field will return data that is as simplistic as 'Host is alive', 'Host is down', or 'Out of schedule'.
Can someone help me understand how to pipe in a `timechart avg` of the 'state' field values so I can add it to a scheduled report for how often my site was available?
Example of a search that I was trying is:
index=main host=* sourcetype=Hostmon site=* state=* | timechart span=1d avg(state) as Site_Availability
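An added example, not part of the original post: `avg` only works on numeric values and `state` holds strings, so one way to chart availability is to map each state to a number with `eval` first. The field name `up` is an assumption introduced here; the index, sourcetype and other field names are taken from the search above, and 'Out of schedule' events are excluded so they do not count as downtime.

```spl
index=main sourcetype=Hostmon site=* state!="Out of schedule"
| eval up=if(state=="Host is alive", 100, 0)
| timechart span=1d avg(up) as Site_Availability
```

Each daily bucket is then the percentage of in-schedule checks that returned 'Host is alive'; days with no in-schedule checks have no value.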