How do I calculate application availability based ...

Splunk Search

How do you calculate application availability in minutes based on a status code? I want to determine the outage if 50% of the events gives status codes of 400 & 500 in a 5 minute span. And then, finally, add just minutes to capture the total outage daily, weekly or monthly.

Below shows the status as healthy and unhealthy. How can I calculate the duration of outage?

Failure|| eval Health=case((status>399 ), "UnHealthy", (status<399), "Healthy")| eventstats count(eval(Health="Healthy")) as "success_count" by uri_path| eventstats count(eval(Health="UnHealthy")) as "unsuccess_count" by uri|stats values(success_count) as "Healthy" values(unsuccess_count) as "Unhealthy" by uri_path| stats sum(Unhealthy) as "overallstatus"|eval sloAlertLevel=case(overallstatus >= 9, "IMPACTED", overallstatus >=5 AND overallstatus <=9, "WARNING",overallstatus <=2, "HEALTHY")

Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

Are you a member of the Splunk Community?