I'm trying to figure out how to show a device's uptime as a percentage over 30 days in a way that is agnostic to both Linux and Windows data.
I am currently using
as my data set, and it's a default data set that ships with the Linux TA.
For Windows I am using this search:
index=wineventlog LogName=System EventCode=6013
| rex field=Message "uptime is (?<uptime>\d+) seconds"
| eval Uptime_Minutes=uptime/60
| eval LastBoot=_time-uptime
| convert ctime(LastBoot)
| eval uptime=tostring(uptime, "duration")
| stats latest(_time) as time by host, Message, uptime, LastBoot
Currently, I can't figure out how to account for a reboot that occurs during the month. The Linux data doesn't have a 'LastBoot' field like the Windows data, and I'm not sure how to create one.
The closest I've gotten is to use something like this for either Linux or Windows, and simply rename / create the 'uptime' field in seconds.
| rename SystemUpTime as uptime
| streamstats sum(uptime) as total by host
| eval tot_up=(total/157697280)*100
| eval host_uptime=floor(tot_up)
| stats max(host_uptime) as pctUp by host
This is obviously crude, and I'm trying to refine it, so I'm looking for any help. I'm obviously missing something, and I'm sure I'm not the first person to ask a question like this, though I couldn't find anything specific to this on Answers.
I have a search that shows me total uptime in duration for either Windows or Linux, and that's great! I'm just looking for the total uptime in percent over a 30-day span that accounts for reboots, or legitimate system hard-down incidents.
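One way to do this in SPL, written here as an added example and not part of the question above: it treats a drop in a host's uptime counter between two consecutive samples as a reboot, counts the gap between those samples minus the new uptime as down time, treats the time before a host's first in-window sample (when its uptime is shorter than that) and any silence after its last sample beyond one sampling interval as down, and divides by the actual search window length from addinfo. Assumptions: the Linux TA data is the Unix:Uptime sourcetype in an index named os with its SystemUpTime field, the Windows side is the same EventCode 6013 search as above, and sample_interval (3600 here) is set to whatever interval your uptime script or event actually reports at.

```spl
(index=os sourcetype=Unix:Uptime) OR (index=wineventlog LogName=System EventCode=6013) earliest=-30d@d latest=@d
| rex field=Message "uptime is (?<win_uptime>\d+) seconds"
| eval uptime=tonumber(coalesce(SystemUpTime, win_uptime))
| where isnotnull(uptime)
| addinfo
| eval sample_interval=3600
| sort 0 host _time
| streamstats window=1 current=f last(uptime) as prev_uptime last(_time) as prev_time by host
| eval gap=if(isnotnull(prev_time), _time-prev_time, _time-info_min_time)
| eval rebooted=if(isnotnull(prev_uptime) AND uptime<prev_uptime, 1, 0)
| eval down_secs=case(rebooted=1, max(0, gap-uptime), isnull(prev_time) AND uptime<gap, gap-uptime, true(), 0)
| stats sum(down_secs) as down_secs sum(rebooted) as reboots max(_time) as last_seen max(sample_interval) as sample_interval max(info_min_time) as window_start max(info_max_time) as window_end by host
| eval down_secs=down_secs+max(0, window_end-last_seen-sample_interval)
| eval pctUp=round(100*(1-down_secs/(window_end-window_start)), 2)
| fieldformat last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| table host reboots down_secs pctUp last_seen
```

Because a reboot is only visible when the next sample arrives, the resolution of down_secs is bounded by how often each platform reports uptime (daily for EventCode 6013), so short outages inside one interval are only approximated by the counter reset.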