Hi,
I am grabbing interface errors from Cisco routers (via snmpget) that form a distinct path through the network. I want to present them in the same order as the path.
If I dedup the path_order, it works, but not over any period of time. I want to be able to group the whole path (defined by path_order) (1-19) and display this "table" over time.
index=interface_path sourcetype=interface_errors | dedup path_order| table _time,host_name, ifName,ifOutDiscards,ifOutErrors,ifInDiscards,ifInErrors path_order | sort path_order
Sample of data output (formatting might not be screwy) (host_name field removed for sample data):
_time                ifName              ifOutDiscards  ifOutErrors  ifInDiscards  ifInErrors  path_order
2014-03-03 20:00:00  GigabitEthernet0/0  11508          0            0             0           1
2014-03-03 20:00:03  FastEthernet5/1     5471           30595        0             1           2
2014-03-03 20:00:13  POS2/0              3              0            4             13044       3
2014-03-03 20:00:24  POS2/0              674            0            14            368866      4
Does this make sense? I could be going about this wrong. Looking for suggestions!
I would love to be able to make a sparkline for each Error and Discard field showing errors over time on one table/chart. But I think I need to figure out the grouping first.
Thanks,
Ross Warrren