Dashboards & Visualizations

How do I create a table and timeline of active connections. (Uptime graph)

Explorer

My site has customers that connect periodically throughout the day. I am trying to build a table/array for the uptime of said customer on view that I monitor throughout the day and then a timechart search for the connected customers. The customers don't normally stay connected for longer than 24 hours but the message that is generated when someone connects is:

%BGP-5-ADJCHANGE: neighbor [IP address] Up

%BGP-5-ADJCHANGE: neighbor [IP address] Down BGP Notification sent

I have field extractions where neighbor=[IP address] and state_to=up/down

I got kind of close for the table (it's usable) with:
ADJCHANGE | contingency neighbor stateto
... but I don't know how to filter the results to only show the ones where the count of state
to Up>Down

As for the timeline, I am stuck. I am trying to have a line graph with who connected (uptime) throughout the day/week. I simply don't understand which command I need to use as I've never coded something before (I'm just a network plumber). I'm pretty certain I need what I have below, but for the timeline/(sparkline?) portion of the command, I'm stuck. It graphs the sparkline but only graphs the events (syslog), not the duration between the events. Which again, is usable but not what I want.

ADJCHANGE | transaction neighbor startswith=(stateto="Up") endswith=(stateto="Down") | makecontinuous _time span=10m | stats sparkline count, sum(duration) by neighbor | sort sum(duration) desc
What I have so far

0 Karma
1 Solution

Explorer

For the people following this, it only took me 3 months.. I installed the cisco IOS app, which created the "state_to" field. Using the Area visualization and Multi-series mode format, the following search got me basically what I wanted.

stateto=* | transaction Uptime startswith=(stateto=Up) endswith=(state_to=Down) | concurrency duration=duration | timechart max(concurrency) as UpDown by neighbor fixedrange=F span=5m

link text

View solution in original post

0 Karma

Explorer

For the people following this, it only took me 3 months.. I installed the cisco IOS app, which created the "state_to" field. Using the Area visualization and Multi-series mode format, the following search got me basically what I wanted.

stateto=* | transaction Uptime startswith=(stateto=Up) endswith=(state_to=Down) | concurrency duration=duration | timechart max(concurrency) as UpDown by neighbor fixedrange=F span=5m

link text

View solution in original post

0 Karma