
How to pause log generation during downtime in service and track the duration of each pause?

Explorer

Hi Splunkers,

I need to stop a particular service from generating logs in Splunk during downtime, and resume generating logs when the service is restored. I also want to find the time difference between the last log generated during downtime and the first log generated when service was restored.

Example log times:

6/3/20 12:32:03.000 AM ....... (after the service is up)
6/3/20 11:41:33.000 AM ....... (last log before the service went down)
6/3/20 11:41:20.000 AM
6/3/20 11:41:15.000 AM
6/3/20 11:41:05.000 AM

Waiting to hear solutions from you guys!

Thanks.


SplunkTrust

How does Splunk know which event is the last before the service went down and which is the first after the service came back up?

---
If this reply helps you, an upvote would be appreciated.

Explorer

I need to calculate the time difference of each event to the next event.


SplunkTrust

Yes, we know what you want to do. Can you answer my question?
How would I, as a person unfamiliar with your environment, know which event is the last before the service went down and which is the first after the service came back up?
