https://community.splunk.com/t5/Splunk-Search/EC2-instance-uptime-monthly-basis/m-p/347846#M164278 <P>You can run a search like this: </P> <PRE><CODE>`aws-description-sourcetype` source="*:ec2_instances" (aws_account_id="*") (region="*") state="running" | timechart count(id) minspan=1h by instance_type </CODE></PRE> <P>which will give you a chart of instances running by type (remove the <CODE>by instance_type</CODE>) to get a total.</P> <P>If your interested in the costs of these instances, you can modify one one the dashboard panels to restrict your search to ec2, and use something like this, to show you costs this month vs last:</P> <PRE><CODE>`aws-cloudwatch-billing( (LinkedAccountId="*") , USD)`|search AmazonEC2 | stats sum(Sum) as sum by _time LinkedAccountId | eval day=strftime(_time, "%Y/%m/%d") | dedup day LinkedAccountId sortby -_time | timechart span=1d sum(sum) as "This Month" | appendcols [ search earliest=-mon@mon latest=-mon `aws-cloudwatch-billing( (LinkedAccountId="*") , USD)` | stats sum(Sum) as sum by _time LinkedAccountId | eval day=strftime(_time, "%Y/%m/%d") | dedup day LinkedAccountId sortby -_time | timechart span=1d sum(sum) as "Last Month"] | fields _time "Last Month" "This Month" </CODE></PRE> <P>Take a look at the dashboard panels available in the app, as these provide a great starting point for any queries you want to refine.</P> Tue, 19 Dec 2017 08:31:42 GMT nickhills 2017-12-19T08:31:42Z https://community.splunk.com/t5/Splunk-Search/EC2-instance-uptime-monthly-basis/m-p/347842#M164274 <P>The EC2 instances in my AWS environment are daily shutdown and startup on next day as per requirement. I want to develop a report which will display how much hours an EC2 instance was up and down in a month. Please suggest if it is possible through Splunk or not?</P> Mon, 18 Dec 2017 10:27:21 GMT https://community.splunk.com/t5/Splunk-Search/EC2-instance-uptime-monthly-basis/m-p/347842#M164274 samindradey 2017-12-18T10:27:21Z https://community.splunk.com/t5/Splunk-Search/EC2-instance-uptime-monthly-basis/m-p/347843#M164275 <P>I would start by installing the Splunk App for AWS (and the TA, as per the instructions)<BR /> <A href="http://docs.splunk.com/Documentation/AWS/5.1.0/Installation/Installon-prem">http://docs.splunk.com/Documentation/AWS/5.1.0/Installation/Installon-prem</A><BR /> This app, among other things, will collect events and actions taken on all your AWS resources and will allow you to search and filter them by tag/name/instance/id/Az/region etc.<BR /> You will also get access to the very comprehensive billing prediction and breakdown tools - not to mention user auditing, and performance metrics.</P> <P>To directly answer your question, you will be able to see exactly how many hours each machine has been running.</P> Mon, 18 Dec 2017 15:49:47 GMT https://community.splunk.com/t5/Splunk-Search/EC2-instance-uptime-monthly-basis/m-p/347843#M164275 nickhills 2017-12-18T15:49:47Z https://community.splunk.com/t5/Splunk-Search/EC2-instance-uptime-monthly-basis/m-p/347844#M164276 <P>Thanks! I am able to search the instances but in a month how many hours the instance was up and down is not able to create as a report. Can you please help?</P> Tue, 19 Dec 2017 06:22:41 GMT https://community.splunk.com/t5/Splunk-Search/EC2-instance-uptime-monthly-basis/m-p/347844#M164276 samindradey 2017-12-19T06:22:41Z https://community.splunk.com/t5/Splunk-Search/EC2-instance-uptime-monthly-basis/m-p/347845#M164277 <P>Thanks! I am able to search the instances but not able to create a report which will show how long the instance was up and down in a month. Can you please help?</P> Tue, 19 Dec 2017 06:24:24 GMT https://community.splunk.com/t5/Splunk-Search/EC2-instance-uptime-monthly-basis/m-p/347845#M164277 samindradey 2017-12-19T06:24:24Z https://community.splunk.com/t5/Splunk-Search/EC2-instance-uptime-monthly-basis/m-p/347846#M164278 <P>You can run a search like this: </P> <PRE><CODE>`aws-description-sourcetype` source="*:ec2_instances" (aws_account_id="*") (region="*") state="running" | timechart count(id) minspan=1h by instance_type </CODE></PRE> <P>which will give you a chart of instances running by type (remove the <CODE>by instance_type</CODE>) to get a total.</P> <P>If your interested in the costs of these instances, you can modify one one the dashboard panels to restrict your search to ec2, and use something like this, to show you costs this month vs last:</P> <PRE><CODE>`aws-cloudwatch-billing( (LinkedAccountId="*") , USD)`|search AmazonEC2 | stats sum(Sum) as sum by _time LinkedAccountId | eval day=strftime(_time, "%Y/%m/%d") | dedup day LinkedAccountId sortby -_time | timechart span=1d sum(sum) as "This Month" | appendcols [ search earliest=-mon@mon latest=-mon `aws-cloudwatch-billing( (LinkedAccountId="*") , USD)` | stats sum(Sum) as sum by _time LinkedAccountId | eval day=strftime(_time, "%Y/%m/%d") | dedup day LinkedAccountId sortby -_time | timechart span=1d sum(sum) as "Last Month"] | fields _time "Last Month" "This Month" </CODE></PRE> <P>Take a look at the dashboard panels available in the app, as these provide a great starting point for any queries you want to refine.</P> Tue, 19 Dec 2017 08:31:42 GMT https://community.splunk.com/t5/Splunk-Search/EC2-instance-uptime-monthly-basis/m-p/347846#M164278 nickhills 2017-12-19T08:31:42Z