Show uptime in Days

The following query shows uptime of all systems over a certain period of time (days_uptime). Replace my indexes w/ yours.

 index=os OR index=idx_appdev sourcetype=Unix:Uptime OR sourcetype="WMI:Uptime" |dedup host |eval DaysUp=round(SystemUpTime/86400,2) |eval Years=round(DaysUp/365,2) |eval Months=round(DaysUp/30,2)|search DaysUp > $days_uptime$ | table host DaysUp Years Months SystemUpTime |sort - SystemUpTime |

 

Looks like:

hostname | DaysUP | Years | Months | SystemUpTime

and $days_uptime$ is a text box in my case.

Share This:

Comments

  1. Rajiv

    If you are using splunk TA for UNIX and Windows:

    (index=osunix sourcetype=”Unix:Uptime”) OR (index=wineventlog sourcetype=”WinEventLog:System” EventCode=6013)| rex field=Message “uptime is (?\d+) seconds” |dedup host |eval DaysUp=round(SystemUpTime/86400,2) |eval Years=round(DaysUp/365,2) |eval Months=round(DaysUp/30,2)|search DaysUp > $days_uptime$ | table host DaysUp Years Months SystemUpTime |sort host(index=osunix sourcetype=”Unix:Uptime”) OR (index=wineventlog sourcetype=”WinEventLog:System” EventCode=6013)| rex field=Message “uptime is (?\d+) seconds” |dedup host |eval DaysUp=round(SystemUpTime/86400,2) |eval Years=round(DaysUp/365,2) |eval Months=round(DaysUp/30,2)|search DaysUp > $days_uptime$ | table host DaysUp Years Months SystemUpTime |sort host

Leave A Comment?