Splunk Enterprise

How to count the uptime of Websites?

tobi2k
Explorer

Hi There!
I am collecting every 2 minutes the response_code of several websites. In my Dashboard I want to have just two Numbers "X Websites up" and "X Websites down" in realtime.

The Logic is:
Response_code=200 means Website is up
Response_code!=200 means Website is down

How should the query look like?
index="main" sourcetype="web_ping" response_code="200" delivers all responses. But how can I count only the Sourcetype?
| stats count by sourcetype delivers the sum of all queries and not the unique Websites.

Help is very appreciated... Thank you!


renjith_nair
SplunkTrust

@tobi2k ,

Does this work for you?

index="main" sourcetype="web_ping" | stats latest(response_code) as response_code by <replace with your website field>
| stats count(eval(response_code==200)) as "Websites Up", count(eval(response_code!=200)) as "Websites Down"

Happy Splunking!
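
The query above can be tried without any indexed data. The following search is an added example, not part of the original answer: it uses makeresults to build six constructed web_ping-style events (three sites polled twice, two minutes apart, where one site goes from 200 to 503 and another recovers from 500 to 200) and then runs the same two stats stages over them. The field name url and the *.example hostnames are assumptions made for the illustration.

```spl
| makeresults count=6
| streamstats count as n
| eval _time = now() - if(n<=3, 120, 0)
| eval url = case(n%3==1, "https://a.example", n%3==2, "https://b.example", true(), "https://c.example")
| eval response_code = case(n==1, 200, n==2, 200, n==3, 500, n==4, 200, n==5, 503, n==6, 200)
| stats latest(response_code) as response_code by url
| stats count(eval(response_code==200)) as "Websites Up", count(eval(response_code!=200)) as "Websites Down"
```

Because the first stats keeps only the most recent response_code per site, each site is counted once, under its current state, rather than once per poll.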

tobi2k
Explorer

Awesome! That has solved my issue!

0 Karma

renjith_nair
SplunkTrust

@tobi2k, glad that it worked 🙂. Please accept as answer to close the thread.

Happy Splunking!
0 Karma