I had an issue with a Splunk server availability query. Can anyone check and correct me?
index=itsi_summary kpi="Splunk Agent Availability" NOT "entity_title=service_aggregate"
| eval test = replace(alert_value, "N.A", "1")
| stats sum(test) as off dc(date_mday) as day by entity_title
| eventstats max(day) as max_day
| eval max = max_day*1440
| eval server_off = off*5
| eval percent_off = (server_off / max) * 100
| eval percent_on = 100 - percent_off
| table entity_title, percent* day server_off
| rename entity_title as Host percent_off as "Unavailability Percentage" percent_on as "Availability Percentage" day as "Number of running days" server_off as "Server Unavailable in Minutes"
Thanks in Advance!!