Find events occurring only between 08:00 and 17:00...

edenzler · ‎06-12-2013

Hi, for an up time report - currently stumped.

A CSV log that contains a Time column - values formatted as: 1/01/2013 01:20 - three months worth of data, values typically every minute, a Status field contains - Success - Warning - Error, looking to do the following:

Only interested in the time range of 08:00 to 17:00 Monday through Friday by the total number of hours in that particular month. Looking to sum out the Success - Warning - Error count by Month.

Cheers,

chris · ‎06-12-2013

I'm assuming that splunk recognizes the time stamp for the events.

Splunk has internal time Fields that you can use. You can add the following to your search:

date_hour>8 date_hour<17 ( date_wday=monday OR date_wday=tuesday OR date_wday=wednesday OR date_wday=thursday OR date_wday=friday)

To sum out you can try to append the following:

| stats count by status_field,date_month

edenzler · ‎06-12-2013

Was worth the mojo deduction. Thanks again!

chris · ‎06-12-2013

You're welcome. By the way if you just accept the answer I will get points for that and you don't have to award extra points to me that are deduced from your account

edenzler · ‎06-12-2013

Awesome. Was completely over thinking it. 🙂 Cheers!

Find events occurring only between 08:00 and 17:00 M-F for the Month

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms