Hello,
First method:
index=opennms eventuei="uei.opennms.org/thresholds/bgpPeerState/XOM*" "WANRT*" "10.253*"
| rex field=eventuei "uei.opennms.org/thresholds/bgpPeerState/(?.+)"
| rex "peer: (?.*), eventseverity"
| eval Status=case(bgpPeerState=="XOM-rearm", "UP", bgpPeerState=="XOM-falling", "DOWN", 1=1, "Other")
| rename _time as Time_CST
| fieldformat Time_CST=strftime(Time_CST,"%x %X")
| dedup nodelabel sortby - Time_CST
| table nodelabel Status PEER_IP Time_CST
| eval number_Up=if(Status="UP",1,0), number_Down=if(Status="DOWN",1,0)
| stats sum(number_Up) as UP, sum(number_Down) as DOWN
Second method:
index=opennms eventuei="uei.opennms.org/thresholds/bgpPeerState/XOM*" "WANRT*" "10.253*"
| rex field=eventuei "uei.opennms.org/thresholds/bgpPeerState/(?.+)"
| rex "peer: (?.*), eventseverity"
| eval Status=case(bgpPeerState=="XOM-rearm", "UP", bgpPeerState=="XOM-falling", "DOWN", 1=1, "Other")
| rename _time as Time_CST
| fieldformat Time_CST=strftime(Time_CST,"%x %X")
| dedup nodelabel sortby - Time_CST
| table nodelabel Status PEER_IP Time_CST
| stats count(eval(Status="UP")) as UP, count(eval(Status="DOWN")) as DOWN
... View more