Hi,
1. We need to find the difference between downtime and uptime. In the example below it went down at 18:06:02.299 and came up at 18:12:02.005 (we need to find the difference in minutes; here it is around 5 mins).
2. We need to add two more fields: difference and percentage downtime (difference we get from above/24*60). Probably we can use the eval command to do this.
3. I have used the above query for 30 days. It went down on only one day (17 Jan). We need to create a dashboard such that it shows 100% up for the remaining 29 days (except 17th Jan), and for 17th Jan it shows 98% up and 2% down.
Below is the search used:
index=_internal sourcetype=scheduler alert_actions!="" (down OR up) user=admin savedsearch_id="admin;search; Prod Silo 1 is Down" OR savedsearch_id="admin;search; Prod Silo 1 is UP"
| chart count(savedsearch_id) by _time, savedsearch_id
| rename "admin;search;Prod Silo 1 is Down" as "SILO1_Down", "admin;search; Prod Silo 1 is UP" as SILO1_UpTime
| convert ctime(_time)
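
One way to compute the figures asked for above, as an added example that is not part of the original post. It stands in for the scheduler events with two constructed events at the post's down and up times, placed 13 days ago so they fall inside a 30-day search window; the field names state, prev_time, prev_state, downtime_min, pct_down and pct_up are assumptions.

```spl
| makeresults count=2
| streamstats count AS n
| eval _time=relative_time(now(), "-13d@d") + if(n=1, 65162.299, 65522.005)
| eval state=if(n=1, "down", "up")
| sort 0 _time
| streamstats current=f last(_time) AS prev_time last(state) AS prev_state
| where state="up" AND prev_state="down"
| eval downtime_min=round((_time - prev_time) / 60, 2)
| eval _time=prev_time
| timechart span=1d sum(downtime_min) AS downtime_min
| fillnull value=0 downtime_min
| eval pct_down=round(downtime_min / (24 * 60) * 100, 2), pct_up=100 - pct_down
```

To run it on the real scheduler events, replace the first four lines with the original search and set state from savedsearch_id. An outage that crosses midnight is counted entirely on the day it started.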