[Xymon] Metrics reports on red/yellow duration? Unacked? Splunk?

Tue Nov 26 16:42:14 CET 2013

Belatedly - what I'm thinking about is how to get metrics reports, over the
organization, for example "average time to ack yellows" or "time from ack
to resolution"

I see that the data about color changes is in $XYMONHOME/data/hist stored
by host-test , and the data about acks is in $XYMONHOME/log/acknowledge.log
so I'm thinking we can put that together with splunk.

Alternately, the board knows about color and acktime, so it's possible to
get realtime stats as below ("this alert has been yellow for N minutes")
but there's nothing to put that together over time, which is why I'm
thinking splunk

It would be great if xymon's built-in reports knew about "ACK". we've very
ack-driven around here

On Wed, Nov 13, 2013 at 9:50 AM, <john.r.rothlisberger at accenture.com> wrote:

>  I do this in an alert script:
>
>
>
> ACTIVE=`/home/xymon/server/bin/xymon 0 "xymondlog $BBHOSTSVC"|head -1|awk
> -F\| '{print"@"$5}'|xargs date -d`
>
> NOW=`date '+%s'`
>
> ALERTACTIVE=`/home/xymon/server/bin/xymon 0 "xymondlog $BBHOSTSVC"|head
> -1|awk -F\| '{print $5}'`
>
> ACTIVECOLOR=`/home/xymon/server/bin/xymon 0 "xymondlog $BBHOSTSVC"|head
> -1|awk -F\| '{print $3}'`
>
> ALERTDIFF=`expr $NOW - $ALERTACTIVE`
>
> ALERTTIME=`echo - | awk -v S=$ALERTDIFF '{printf "%d hours %d
> minutes",S/(60*60),S%(60*60)/60}'`
>
>
>
> Which, eventually shows up like this in our email alert:
>
> Alert Active Since: Tue Nov 12 11:28:52 CST 2013  (Duration of Alert 4
> hours 1 minutes)
>
>
>
> You could use the same logic to get what you want.
>
>
>
> Thanks,
>
> John
>
> Upcoming PTO:
>
> None
>
>
>
> _____________________________________________________________________
>
> John Rothlisberger
>
> IT Strategy, Infrastructure & Security - Technology Growth Platform
>
> TGP for Business Process Outsourcing
>
> Accenture
>
> 312.693.3136 office
>
> _____________________________________________________________________
>
>
>
> *From:* Xymon [mailto:xymon-bounces at xymon.com] *On Behalf Of *Betsy
> Schwartz
> *Sent:* Wednesday, November 13, 2013 8:20 AM
> *To:* xymon at xymon.com
> *Subject:* [Xymon] Metrics reports on red/yellow duration? Unacked?
> Splunk?
>
>
>
> My grand-boss is looking to set some standards for how long we let reds
> and yellows go un-ACKed
>
> and un-resolved. There's a built in report but it seems to summarize total
> time red /yellow and what we're really interested in is how long it's
> taking us to respond.
>
> Has anyone done anything with this?
>
> I'm wondering if feeding the acklogs into splunk would let us work
> something up. And/or thinking about just trying to scrape this off the
> board.
>
> Thoughts and code snippets welcome
>
>
>
> ------------------------------
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you have
> received it in error, please notify the sender immediately and delete the
> original. Any other use of the e-mail by you is prohibited.
>
> Where allowed by local law, electronic communications with Accenture and
> its affiliates, including e-mail and instant messaging (including content),
> may be scanned by our systems for the purposes of information security and
> assessment of internal compliance with Accenture policy.
>
>
> ______________________________________________________________________________________
>
> www.accenture.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20131126/1fd509f2/attachment.html>