Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get when server goes down status?

Anud
Path Finder
‎06-01-2023 06:10 AM

HI Team,

I want to get when server goes down time.

time status
6/2/2023 12:55 down
6/3/2023 12:52 down
6/4/2023 12:50 down
6/4/2023 12:46 up
6/4/2023 12:45 down
6/4/2023 12:45 down


MY output want to display server down at 12:45

6/4/2023 12:45 down


 Thanks in Advance..!!

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎06-01-2023 06:14 AM

Hi @Anud,

the search depends on your events.

If in each event there's the status field, you could run something like this:

index=your_index
| stats last(status) AS status BY host
| search status="Down"

and schedule this search as an alert.

Ciao.

Giuseppe

0 Karma
Reply

Anud
Path Finder
‎06-01-2023 06:26 AM

Thanks for the response..!!
This one tried giving all down status but i need  when down time started first for the server.

Tags (1)
0 Karma
Reply

Anud
Path Finder
‎06-02-2023 04:11 AM

Hi gcusello,
I want first down time server status, any idea 

timestatus
6/2/2023 12:55down
6/3/2023 12:52down
6/4/2023 12:50down
6/4/2023 12:46up
6/4/2023 12:45down
6/4/2023 12:45down


MY output want to display server down at 12:45

6/4/2023 12:45down
0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...