[Xymon] Metrics reports on red/yellow duration? Unacked? Splunk?

john.r.rothlisberger at accenture.com
Wed Nov 13 15:50:49 CET 2013


I do this in an alert script:

# Query xymond once; the first line of the xymondlog reply is pipe-delimited
# (field 3 = current color, field 5 = epoch time of the last status change).
STATUSLINE=`/home/xymon/server/bin/xymon 0 "xymondlog $BBHOSTSVC" | head -1`
ALERTACTIVE=`echo "$STATUSLINE" | awk -F\| '{print $5}'`
ACTIVECOLOR=`echo "$STATUSLINE" | awk -F\| '{print $3}'`
# Human-readable start time of the alert, and its age in seconds
ACTIVE=`date -d "@$ALERTACTIVE"`
NOW=`date '+%s'`
ALERTDIFF=`expr "$NOW" - "$ALERTACTIVE"`
ALERTTIME=`echo - | awk -v S="$ALERTDIFF" '{printf "%d hours %d minutes",S/(60*60),S%(60*60)/60}'`

Which eventually shows up like this in our email alert:
Alert Active Since: Tue Nov 12 11:28:52 CST 2013  (Duration of Alert 4 hours 1 minutes)

You could use the same logic to get what you want.

Thanks,
John
John Rothlisberger

From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Betsy Schwartz
Sent: Wednesday, November 13, 2013 8:20 AM
To: xymon at xymon.com
Subject: [Xymon] Metrics reports on red/yellow duration? Unacked? Splunk?

My grand-boss is looking to set some standards for how long we let reds and yellows go un-ACKed and un-resolved. There's a built-in report but it seems to summarize total time red/yellow and what we're really interested in is how long it's taking us to respond.

Has anyone done anything with this?
I'm wondering if feeding the acklogs into Splunk would let us work something up. And/or thinking about just trying to scrape this off the board.
Thoughts and code snippets welcome.

