
Find events occurring only between 08:00 and 17:00 M-F for the Month

Path Finder

Hi, for an uptime report - currently stumped.

A CSV log that contains a Time column - values formatted as: 1/01/2013 01:20 - three months' worth of data, values typically every minute. A Status field contains Success, Warning or Error. Looking to do the following:

Only interested in the time range of 08:00 to 17:00 Monday through Friday by the total number of hours in that particular month. Looking to sum out the Success - Warning - Error count by Month.

Cheers,

Motivator

I'm assuming that Splunk recognizes the timestamp for the events.

Splunk has internal time fields that you can use. You can add the following to your search:

date_hour>=8 date_hour<17 (date_wday=monday OR date_wday=tuesday OR date_wday=wednesday OR date_wday=thursday OR date_wday=friday)

To sum out you can try to append the following:

| stats count by status_field,date_month
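An added example, not part of the original answer: the same business-hours filter computed from `_time` with `strftime` instead of the `date_*` fields, which are taken from the timestamp text in the raw event and so are not adjusted to the searching user's time zone and are missing on events whose timestamp was not parsed from the event itself. It goes slightly beyond the answer by also reporting the share of in-window events that are Success per month. Assumptions: `your_index` and `your_csv_sourcetype` are placeholders, and the status field is named `Status` as in the question.

```spl
index=your_index sourcetype=your_csv_sourcetype
| eval hour=tonumber(strftime(_time, "%H")), wday=tonumber(strftime(_time, "%w")), month=strftime(_time, "%Y-%m")
| where hour>=8 AND hour<17 AND wday>=1 AND wday<=5
| stats count(eval(Status="Success")) AS Success, count(eval(Status="Warning")) AS Warning, count(eval(Status="Error")) AS Error, count AS Total by month
| eval pct_success=round(100*Success/Total, 2)
| sort month
```

`%w` returns 0 for Sunday through 6 for Saturday, so 1 to 5 is Monday to Friday, and `hour<17` keeps events up to 16:59.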

Path Finder

Was worth the mojo deduction. Thanks again!


Motivator

You're welcome. By the way, if you just accept the answer I will get points for that, and you don't have to award extra points to me that are deducted from your account.


Path Finder

Awesome. Was completely overthinking it. 🙂 Cheers!
