All Apps and Add-ons

Accommodate Nightly Server Restarts

klaxdal
Contributor

Hi ,

I have a series of servers - located on the East coast and West coast which undergo scheduled restarts at 0100 and 0400 .

Is it possible alert or setup the app so that I do not see these scheduled outage times reflected within the " Status History ' Dashboard ? ( Specifically the Maximum Response Time , Availability and Failures panels )

Thanks

0 Karma
1 Solution

klaxdal
Contributor

Here is my approach - seemed to suit my purposes - added the following to the search strings within each panel

NOT (date_hour>=1 date_hour<110) NOT (date_hour>=4 date_hour<410)

View solution in original post

0 Karma

klaxdal
Contributor

Here is my approach - seemed to suit my purposes - added the following to the search strings within each panel

NOT (date_hour>=1 date_hour<110) NOT (date_hour>=4 date_hour<410)

0 Karma

rodrigorsilva
Communicator

Hi klaxdal,

If setting your queries with filter and comparatives in the window known (0100 and 0400), would it suffice?
Please, share some queries with us.

Rodrigo Ribeiro

0 Karma

klaxdal
Contributor

Rodrigo - not quite sure what you mean ? Can you elaborate ?

klaxdal

0 Karma

rodrigorsilva
Communicator

Klaxdal,

Can you share your Dashboard (Query)?

Rodrigo Ribeiro

0 Karma

klaxdal
Contributor

They are the 'standard' dashboards offered within the Website Monitoring app - I would like to filter all events when the servers undergo their nightly restarts 0100 - 0120 and 0400 to 0420

sourcetype="web_ping" title="" filter_inoperable | stats count as count *( lists the failures over 24 hrs)**

sourcetype="web_ping" title="" | stats max(total_time) as response_time *( lists max response time )**

sourcetype="web_ping" title="" | fillnull value=1000 response_code | eval
success=case(response_code>=400, 0, timed_out == "True", 0) | fillnull value=1 success | chart count as total, sum(success) as successes | eval availability=round(100
(successes/total),2) | fields availability ( lists availability )

Any help would be greatly appreciated

0 Karma

rodrigorsilva
Communicator

I hope I can help you...

I was thinking of something like:

sourcetype="web_ping" title="" filter_inoperable
| eval hour=strftime(_time , "%H")
| eval minute=strftime(_time , "%M")
| where (hour>01 AND minute>20)
| stats count as count ( lists the failures over 24 hrs)*

With some combinations and date and time tests you can "hide" this period.

Rodrigo Ribeiro

0 Karma

klaxdal
Contributor

Thanks Rodrigo !

Will give it a try . Really appreciate the help .

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...