Every 2 minutes I am collecting the response_code of several websites. In my dashboard I want to have just two numbers, "X Websites up" and "X Websites down", in real time.
The logic is:
Response_code=200 means Website is up
Response_code!=200 means Website is down
What should the query look like?
index="main" sourcetype="web_ping" response_code="200" delivers all responses. But how can I count only the sourcetype?
| stats count by sourcetype delivers the sum of all queries and not the unique websites.
Help is very much appreciated... Thank you!
Does this work for you?
index="main" sourcetype="web_ping"
| stats latest(response_code) as response_code by <replace with your website field>
| stats count(eval(response_code==200)) as "Websites Up", count(eval(response_code!=200)) as "Websites Down"
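
A run-anywhere version of the search in the answer above, added here as an example and not part of the original thread. It builds six constructed events (three sites, two checks each, 2 minutes apart) with makeresults; url is a hypothetical name standing in for the website field.

```spl
| makeresults count=6 ```constructed sample events, not real web_ping data```
| streamstats count as n
| eval _time = now() - (6 - n) * 120
| eval url = case(n%3==1, "https://a.example", n%3==2, "https://b.example", true(), "https://c.example") ```url is a hypothetical field name```
| eval response_code = case(n==2, 500, n==3, 404, n==6, 404, true(), 200)
| stats latest(response_code) as response_code by url
| stats count(eval(response_code==200)) as "Websites Up", count(eval(response_code!=200)) as "Websites Down"
```

On this sample the result is Websites Up = 2 and Websites Down = 1, while counting events instead of sites would give three 200 responses and three non-200 responses. Events that carry no response_code at all are skipped by latest(response_code), so a site is judged on its last event that has one.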