Splunk Search

How do you calculate availability with 2 searches?

serviceinfrastr
Explorer

Hi team,

I want to determine the availabilty of my application with the http status code

(Number of request http >= 400 / Number of request http =<200) * 100

I have my two requests :

index=nginx status>=400 host=dnginx01 server_name=toto.toto.fr NOT http_user_agent="*PRTG*" server_name="toto.toto.fr" status=501 | stats count as total

and

index=nginx status<=200 host=dnginx01 server_name=toto.toto.fr NOT http_user_agent="*PRTG*" server_name="toto.toto.fr" | stats count as total

But i don't know how i can do this operation

Tags (1)
0 Karma

renjith_nair
Legend

@serviceinfrastructure,

Try

 index=nginx server_name="toto.toto.fr" NOT http_user_agent="*PRTG*" 
 |stats count(eval(if(status>=400,status,null()))) as c_400,count(eval(if(status<=200,status,null()))) as c_200
 |eval availability=(c_400/c_200)*100

PS: removed status=501 condition from your first search because then you don't need status>=400 condition. Please add this using AND if needed.

---
What goes around comes around. If it helps, hit it with Karma :slightly_smiling_face:

serviceinfrastr
Explorer

thanks @renjith.nair

Yes Perfect, this determine our unavailability

How i can have the availability, eval (100-availability) ?

0 Karma

renjith_nair
Legend

@serviceinfrastructure, availability is a complex topics and it purely depends on how you consider (https://en.wikipedia.org/wiki/Availability). But here , if the unavailability is in % (for e.g. 30%) , then yes availability is 100-30=70 %

---
What goes around comes around. If it helps, hit it with Karma :slightly_smiling_face:
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...