Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

Splunk Server Restart Duration

_internal audittrail splunkd
6 2

Description

Submitted by ItsJohnLocke

As titled, the following Splunk search query will show the restart duration (using the transaction command) of the Splunk service itself.   
index=_audit (action="splunkShuttingDown" OR action="splunkStarting") | eval Date=strftime(_time, "%Y/%m/%d") | transaction splunk_server startswith=action="splunkShuttingDown" endswith=action="splunkStarting" | eval duration=round(duration/60, 2) |table Date splunk_server duration| rename duration as "Splunk Restart Duration" splunk_server as "Splunk Server"

Comments

0 total

Be the first to comment on this SPL.

Leave a comment

You must log in to post a comment.

Ad slot: bottom