topic Re: Show/Exclude results maintenance window in Getting Data In

Show/Exclude results maintenance window

marco_filipe63 — Tue, 29 Sep 2020 17:59:07 GMT

I have a CSV file with some value times that I would like to exclude from my searchs/reports.

That CSV file contains:
Index,StartTime,EndTime,
Index01,07/02/2018 17:39,07/02/2018 17:42,
Index01,07/02/2018 17:37,07/02/2018 17:38,

My search:
index="index01" ( HTTP_statuscode>=500)| stats count(eval(HTTP_statuscode >= 500)) as errors by index

When I've search from all the results/issues of that day, I want exclude all the results in that period time.

What will be the best way to do this?

Re: Show/Exclude results maintenance window

cmerriman — Thu, 08 Feb 2018 13:02:41 GMT

something like this might help, but you might need to change the times in the eval statement, as I used GMT.

index="index01" ( HTTP_statuscode>=500)|eval exclude=case(_time>1518025140 AND _time<1518025080,1,_time>1518025140 AND _time<1518025320,1,1=1,0)|search exclude=0| stats count(eval(HTTP_statuscode >= 500)) as errors by index

https://www.epochconverter.com/

Re: Show/Exclude results maintenance window

ferrosky — Thu, 08 Feb 2018 18:39:05 GMT

I believe Marco's idea is to grab the maintenance windows from a CSV file. You're just putting all the windows on the case.

Re: Show/Exclude results maintenance window

ferrosky — Thu, 08 Feb 2018 18:45:04 GMT

Your search doesn't make much sense but I have a similar problem to calculate availability:

index=web | stats count(eval(HTTP_statuscode >= 500)) as errors, count as total by index | eval availability=round((1-errors/total)*100,3)

I would really like be able to have a list of maintenance windows that would be excluded from the availability report.