How to calculate downtime from a script results?

ngerosa · ‎03-30-2018

Hi all,
I have a script that ping 10 hosts and output all of the offline hosts.

This script runs every 10 minutes.

The output file is monitored by splunk

What I would like to calculate is the downtime for every offline host present in the last ping.
This is the output file of the script:

  IP_address   Status   _time

  10.x.x.214,  Offline, 2018-03-30 10:32:23
  10.x.x.73,   Offline, 2018-03-30 10:32:27
  10.x.x.67,   Offline, 2018-03-30 10:32:31
  10.x.x.214,  Offline, 2018-03-30 10:42:18 
  10.x.x.73,   Offline, 2018-03-30 10:42:23
  10.x.x.67,   Offline, 2018-03-30 10:42:27
  10.x.x.214,  Offline, 2018-03-30 10:52:32
  10.x.x.67,   Offline, 2018-03-30 10:52:38

In this example I would like to have this |table:

   IP_address         downtime
   10.x.x.214         00:40:38
   10.x.x.67          00:40:30

I would like to have only that two hosts in table because in the last ping the host 10.x.xxx.73 is not present.

Someone can help me?

Thanks a lot!

How to calculate downtime from a script results?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!