Hi Splunkers,
I'm new to Splunk and I'm working on a dashboard for a service/application. What I'm trying to do is the following: I'm searching for the last "shutting down" and the last "starting application" event in my log. Then I want to compare the two. If the stop_date > start_date, then I want my single value to display "service down", else "service up".
Beneath is my search so far, but it always displays "service up" at this moment. What am I doing wrong?
Thanks in advance for your answers,
index=myindex Starting Application | addinfo | dedup 1 host sortby -_time | eval start_date=strftime(_time, "%m-%d-%Y %H:%M:%S")| append [search index=ieg shutting down | addinfo | dedup 1 host sortby -_time | eval stop_date=strftime(_time, "%m-%d-%Y %H:%M:%S")] | eval status=if(start_date
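One way to do the comparison the question describes, as an added example that is not part of the original post: both event types are fetched in one search and reduced to one row per host, so the latest start and stop times sit side by side and are compared as epoch `_time` values instead of formatted strings. It assumes both messages are written to `index=myindex` (the posted search reads the shutdown events from `index=ieg`; add that index to the base search if they really are separate), and the field names `event_type`, `start_time` and `stop_time` are illustrative.

```spl
index=myindex ("Starting Application" OR "shutting down")
| eval event_type=if(match(_raw, "(?i)shutting down"), "stop", "start")
| stats max(eval(if(event_type="start", _time, null()))) AS start_time
        max(eval(if(event_type="stop", _time, null()))) AS stop_time
        BY host
| eval status=if(coalesce(stop_time, 0) > coalesce(start_time, 0), "service down", "service up")
| eval start_date=strftime(start_time, "%m-%d-%Y %H:%M:%S"),
       stop_date=strftime(stop_time, "%m-%d-%Y %H:%M:%S")
| table host start_date stop_date status
```

A host with only a start event in the time range is reported as "service up", and one with only a shutdown event as "service down"; for a single value panel, end the search with `| fields status`.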