
SPL

Show uptime in Days

Description

Submitted by manderso

The following query shows uptime of all systems over a certain period of time (days_uptime). Replace my indexes with yours.
index=os OR index=idx_appdev sourcetype=Unix:Uptime OR sourcetype="WMI:Uptime"
| dedup host
| eval DaysUp=round(SystemUpTime/86400,2)
| eval Years=round(DaysUp/365,2)
| eval Months=round(DaysUp/30,2)
| search DaysUp > $days_uptime$
| table host DaysUp Years Months SystemUpTime
| sort - SystemUpTime
Looks like: hostname | DaysUp | Years | Months | SystemUpTime. $days_uptime$ is a text box in my case.

Comments

3 total

SD
8/1/2016

I don't see sourcetype="WMI:Uptime" in the Windows TA. How do we get it?

Rajiv
7/6/2017

If you are using the Splunk TA for UNIX and Windows:

(index=osunix sourcetype="Unix:Uptime") OR (index=wineventlog sourcetype="WinEventLog:System" EventCode=6013)
| rex field=Message "uptime is (?<SystemUpTime>\d+) seconds"
| dedup host
| eval DaysUp=round(SystemUpTime/86400,2)
| eval Years=round(DaysUp/365,2)
| eval Months=round(DaysUp/30,2)
| search DaysUp > $days_uptime$
| table host DaysUp Years Months SystemUpTime
| sort host

Greg
6/14/2022

Sorry, but that command does not work on Windows.
