Solved: Re: Accommodate Nightly Server Restarts

klaxdal · ‎07-04-2017

Hi ,

I have a series of servers - located on the East coast and West coast which undergo scheduled restarts at 0100 and 0400 .

Is it possible alert or setup the app so that I do not see these scheduled outage times reflected within the " Status History ' Dashboard ? ( Specifically the Maximum Response Time , Availability and Failures panels )

Thanks

klaxdal · ‎07-25-2017

Here is my approach - seemed to suit my purposes - added the following to the search strings within each panel

NOT (date_hour>=1 date_hour<110) NOT (date_hour>=4 date_hour<410)

View solution in original post

klaxdal · ‎07-25-2017

Here is my approach - seemed to suit my purposes - added the following to the search strings within each panel

NOT (date_hour>=1 date_hour<110) NOT (date_hour>=4 date_hour<410)

rodrigorsilva · ‎07-07-2017

Hi klaxdal,

If setting your queries with filter and comparatives in the window known (0100 and 0400), would it suffice?
Please, share some queries with us.

Rodrigo Ribeiro

klaxdal · ‎07-07-2017

Rodrigo - not quite sure what you mean ? Can you elaborate ?

klaxdal

rodrigorsilva · ‎07-07-2017

Klaxdal,

Can you share your Dashboard (Query)?

Rodrigo Ribeiro

klaxdal · ‎07-07-2017

They are the 'standard' dashboards offered within the Website Monitoring app - I would like to filter all events when the servers undergo their nightly restarts 0100 - 0120 and 0400 to 0420

sourcetype="web_ping" title="" filter_inoperable | stats count as count *( lists the failures over 24 hrs)**

sourcetype="web_ping" title="" | stats max(total_time) as response_time *( lists max response time )**

sourcetype="web_ping" title="" | fillnull value=1000 response_code | eval
success=case(response_code>=400, 0, timed_out == "True", 0) | fillnull value=1 success | chart count as total, sum(success) as successes | eval availability=round(100(successes/total),2) | fields availability ( lists availability )

Any help would be greatly appreciated

rodrigorsilva · ‎07-07-2017

I hope I can help you...

I was thinking of something like:

sourcetype="web_ping" title="" filter_inoperable
| eval hour=strftime(_time , "%H")
| eval minute=strftime(_time , "%M")
| where (hour>01 AND minute>20)
| stats count as count ( lists the failures over 24 hrs)*

With some combinations and date and time tests you can "hide" this period.

Rodrigo Ribeiro

klaxdal · ‎07-08-2017

Thanks Rodrigo !

Will give it a try . Really appreciate the help .

Accommodate Nightly Server Restarts

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation

Accommodate Nightly Server Restarts

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...