Knowledge Management
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

I'd like a query executed that shows the duration of the outage

Sandeep007
New Member
‎05-11-2021 03:39 PM

Can anyone help me to write a Splunk query for when I have an outage I'd like a query executed that shows the duration of the outage.  If I check 5XX or 4XX errors, It will show some logs in  hour 5 or 10 mins period ex: I checked 500 errors 10pm to 11pm...  in that one hour, errors started from 10:15pm to 10:45pm , I want only period {10:15pm to 10:45pm } no need logs  .. for that How I need to write quarry 

Labels (1)
Labels
0 Karma
Reply

tscroggins
Influencer
‎05-11-2021 09:36 PM

@Sandeep007 

If you're looking for time ranges within 1-hour periods, you can use e.g. timechart:

sourcetype=access_common status=500
| timechart span=1h earliest(_time) as et latest(_time) as lt range(_time) as duration
| fieldformat et=strftime(et, "%F %T")
| fieldformat lt=strftime(lt, "%F %T")
| fieldformat duration=tostring(duration, "duration")

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...