Xymon Mailing List Archive

Metrics reports on red/yellow duration? Unacked? Splunk?

list Betsy Schwartz
Tue, 26 Nov 2013 10:42:14 -0500
Message-Id: <CAAVLHR13ZhUYVRJaPqWDtE80r197gMX91nJHLtyxy=user-c4e6886db49f@xymon.invalid>

Belatedly - what I'm thinking about is how to get metrics reports, over the
organization, for example "average time to ack yellows" or "time from ack
to resolution".

I see that the data about color changes is in $XYMONHOME/data/hist, stored
by host-test, and the data about acks is in $XYMONHOME/log/acknowledge.log,
so I'm thinking we can put that together with Splunk.

Alternately, the board knows about color and acktime, so it's possible to
get realtime stats as below ("this alert has been yellow for N minutes")
but there's nothing to put that together over time, which is why I'm
thinking Splunk.

It would be great if Xymon's built-in reports knew about "ACK". We're very
ack-driven around here.


On Wed, Nov 13, 2013 at 9:50 AM, <user-7adce57665bb@xymon.invalid> wrote:
 I do this in an alert script:


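# Field 5 of the first xymondlog response line is the epoch time of the
# last color change; convert it to a readable date.
ACTIVE=`/home/xymon/server/bin/xymon 0 "xymondlog $BBHOSTSVC"|head -1|awk -F\| '{print"@"$5}'|xargs date -d`

NOW=`date '+%s'`

# Same field, kept as raw epoch seconds for the arithmetic below.
ALERTACTIVE=`/home/xymon/server/bin/xymon 0 "xymondlog $BBHOSTSVC"|head -1|awk -F\| '{print $5}'`

# Field 3 is the current color.
ACTIVECOLOR=`/home/xymon/server/bin/xymon 0 "xymondlog $BBHOSTSVC"|head -1|awk -F\| '{print $3}'`

ALERTDIFF=`expr $NOW - $ALERTACTIVE`

# Format the elapsed seconds as hours and minutes.
ALERTTIME=`echo - | awk -v S=$ALERTDIFF '{printf "%d hours %d minutes",S/(60*60),S%(60*60)/60}'`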


Which eventually shows up like this in our email alert:

Alert Active Since: Tue Nov 12 11:28:52 CST 2013  (Duration of Alert 4 hours 1 minutes)


You could use the same logic to get what you want.


Thanks,

John

Upcoming PTO:

None


John Rothlisberger

IT Strategy, Infrastructure & Security - Technology Growth Platform

TGP for Business Process Outsourcing

Accenture

XXX.XXX.XXXX office


*From:* Xymon [mailto:xymon-bounces at xymon.com] *On Behalf Of *Betsy
Schwartz
*Sent:* Wednesday, November 13, 2013 8:20 AM
*To:* xymon at xymon.com
*Subject:* [Xymon] Metrics reports on red/yellow duration? Unacked?
Splunk?


My grand-boss is looking to set some standards for how long we let reds
and yellows go un-ACKed and un-resolved. There's a built-in report but it
seems to summarize total time red/yellow and what we're really interested
in is how long it's taking us to respond.

Has anyone done anything with this?

I'm wondering if feeding the acklogs into Splunk would let us work
something up. And/or thinking about just trying to scrape this off the
board.

Thoughts and code snippets welcome.


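Added example (not part of the original thread, and not Xymon code): one way to compute the two metrics asked about above, "average time to ack" and "time from ack to resolution", once the color changes from data/hist and the acks from acknowledge.log have been merged into one time-sorted stream. The input layout, the ack_metrics name and the sample lines are assumptions constructed for this example; they are not Xymon's on-disk formats.

```shell
#!/bin/sh
# ASSUMED input, one event per line, sorted by epoch (a normalised export,
# not a Xymon file format):
#   <epoch> <host.test> color <green|yellow|red>
#   <epoch> <host.test> ack

ack_metrics() {
    awk '
    $3 == "color" {
        k = $2
        if ($4 == "yellow" || $4 == "red") {
            # An incident starts at the first yellow/red; yellow->red continues it.
            if (!(k in start)) start[k] = $1
        } else if ($4 == "green" && (k in start)) {
            # Green closes the incident; other colors are ignored here.
            if (k in acked) { res_sum += $1 - acked[k]; res_n++ }
            else            { unacked++ }
            delete start[k]; delete acked[k]
        }
        next
    }
    $3 == "ack" {
        k = $2
        # Only the first ack of an open incident counts as the response.
        if ((k in start) && !(k in acked)) {
            acked[k] = $1
            ack_sum += $1 - start[k]; ack_n++
        }
    }
    END {
        printf "incidents_acked=%d avg_time_to_ack=%d avg_ack_to_resolution=%d closed_unacked=%d\n",
            ack_n, (ack_n ? ack_sum / ack_n : 0), (res_n ? res_sum / res_n : 0), unacked
    }'
}

# Constructed sample events (times in seconds).
SAMPLE='1000 web1.http color red
1300 web1.http ack
1400 db1.disk color yellow
1900 web1.http color green
2000 db1.disk color red
2300 db1.disk ack
2400 db1.disk ack
3400 db1.disk color green
4000 app1.cpu color yellow
4600 app1.cpu color green'

printf '%s\n' "$SAMPLE" | ack_metrics
```

Averages are in seconds; closed_unacked counts incidents that went back to green without ever being acknowledged.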