I would like to create a dashboard to show Windows server up time where it is more than 60 days..
Basically I would like to present as a count of servers running continuously for more than 60 days.
Thanks to4kawa for you reply.
It is not working for me... All I want to take the count of server which have been running for more than 60 days by using following query :-
index = win_perf host= A OR host=B OR host=C OR host=D | eval Uptime_Days = System_Up_Time/86400 | stats count by host | where Uptime_Days>60
my answer is updated. please confirm.
sorry, I've mistake, typo. my answer is amended. please confirm.
I cant find your amended answer?
I put label.
can you copy your answer her again please?
|tstats count prestats=t where index=win_perf host=A OR host=B OR host=C OR host=D by host _time span=1d
| timechart count by host
I am getting following error :-
Error in 'TsidxStats': WHERE clause is not an exact query
my answer amended, please confirm.
amended:
|tstats count prestats=t where index=win_perf by host _time span=1d
| timechart count by host
check this results and modify query.
Actually I have got the search to display the servers which have been running for more than 60 days, however I am trying to get the count of servers which are running for more than 60 days..
Search to display up time is as below:-
index = win_perf host= A OR host=B OR host=C OR host=D | eval Uptime_Days = System_Up_Time/86400 | chart max(Uptime_Days) as "System Uptime in Days" by host
What I want to know the count of servers running more than 60 days ... I am trying following :-
index = win_perf host= A OR host=B OR host=C OR host=D | eval Uptime_Days = System_Up_Time/86400 | stats count by host | where Uptime_Days>60
However I am not getting any result back...
Splunk App for Windows Infrastructure Reference
How about using it?