Hi, for an uptime report - currently stumped.
A CSV log that contains a Time column - values formatted as: 1/01/2013 01:20 - three months' worth of data, values typically every minute, a Status field contains - Success - Warning - Error, looking to do the following:
Only interested in the time range of 08:00 to 17:00 Monday through Friday by the total number of hours in that particular month. Looking to sum out the Success - Warning - Error count by Month.
I'm assuming that Splunk recognizes the timestamp for the events.
Splunk has internal time fields that you can use. You can add the following to your search:
date_hour>=8 date_hour<17 (date_wday=monday OR date_wday=tuesday OR date_wday=wednesday OR date_wday=thursday OR date_wday=friday)
To sum out you can try to append the following:
| stats count by status_field,date_month
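An offline cross-check of the search above, as an added example that is not part of the original answer: it applies the same Monday-Friday 08:00-17:00 filter to the raw CSV, counts each status per month, and computes the total business hours in each month that the question asks about. It assumes the columns are named Time and Status and that dates are day/month/year; the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import date, datetime, timedelta

TIME_FORMAT = "%d/%m/%Y %H:%M"  # assumption: 1/01/2013 means 1 January 2013

def in_business_hours(ts):
    """Monday-Friday, from 08:00 up to but not including 17:00."""
    return ts.weekday() < 5 and 8 <= ts.hour < 17

def business_hours_in_month(year, month):
    """Total Monday-Friday 08:00-17:00 hours in a month (9 per weekday)."""
    day, hours = date(year, month, 1), 0
    while day.month == month:
        if day.weekday() < 5:
            hours += 9
        day += timedelta(days=1)
    return hours

def status_counts_by_month(csv_file):
    """Return {(year, month): Counter(status -> count)} for in-window rows."""
    counts = defaultdict(Counter)
    for row in csv.DictReader(csv_file):
        ts = datetime.strptime(row["Time"].strip(), TIME_FORMAT)
        if in_business_hours(ts):
            counts[(ts.year, ts.month)][row["Status"].strip()] += 1
    return counts

# Constructed sample rows covering the edges of the window.
SAMPLE = """Time,Status
1/01/2013 01:20,Success
1/01/2013 08:00,Success
1/01/2013 16:59,Warning
1/01/2013 17:00,Error
5/01/2013 10:00,Error
4/02/2013 09:15,Error
"""

if __name__ == "__main__":
    results = status_counts_by_month(io.StringIO(SAMPLE))
    for (year, month), statuses in sorted(results.items()):
        hours = business_hours_in_month(year, month)
        print(f"{year}-{month:02d} business_hours={hours} {dict(statuses)}")
```
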