Quantcast
Channel: Questions in topic: "splunk-enterprise"
Viewing all articles
Browse latest Browse all 47296

query related to website/service downtime duration calculation

$
0
0
Hi ALL i have below dataset for website Time,title, response code 01/10/2019 08:22 ABC_PORTAL 200 01/10/2019 08:24 ABC_PORTAL 01/10/2019 08:26 ABC_PORTAL 01/10/2019 08:28 ABC_PORTAL 01/10/2019 08:30 ABC_PORTAL 01/10/2019 08:32 ABC_PORTAL 503 01/10/2019 08:34 ABC_PORTAL 503 01/10/2019 08:36 ABC_PORTAL 503 01/10/2019 08:38 ABC_PORTAL 503 01/10/2019 08:40 ABC_PORTAL 200 01/10/2019 08:42 ABC_PORTAL 200 01/10/2019 08:44 ABC_PORTAL 200 01/10/2019 08:46 ABC_PORTAL 503 01/10/2019 08:48 ABC_PORTAL 01/10/2019 08:50 ABC_PORTAL 01/10/2019 08:52 ABC_PORTAL 01/10/2019 09:54 ABC_PORTAL 01/10/2019 09:56 ABC_PORTAL 01/10/2019 09:58 ABC_PORTAL 503 01/10/2019 10:00 ABC_PORTAL 503 01/10/2019 10:02 ABC_PORTAL 200 01/10/2019 10:04 ABC_PORTAL 200 in the above data the blank response code are connection timed out i want to show the downtime duration of the website Below is my query sourcetype=| eval response_code=if(response_code="", "failed", response_code) | transaction title startswith="response_code=failed" endswith="response_code=200" |eval minutes=(duration/60)| stats sum(minutes) as "Total Downtime in minutes" by title,_time or sourcetype=| eval response_code=if(response_code="", "failed", response_code) | transaction title startswith="response_code=503" endswith="response_code=200" |eval minutes=(duration/60)| stats sum(minutes) as "Total Downtime in minutes" by title,_time problem is it is not calculating the correct duration i want to show the data in below manner title , Downtime_start,Downtime_end , Duration,response_code How can i achive the above result or should i think of another way of representation any suggestions would be great help

Viewing all articles
Browse latest Browse all 47296

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>