Splunk search for Linux and Windows machine uptime
sourcetype=Unix:Uptime OR sourcetype=WMI:Uptime | dedup host | eval days=round(SystemUpTime/(60*60*24),2), weeks=round(days/7,2), months=round(days/30,2) | table host days weeks months SystemUpTime | sort - SystemUpTime | rename days as "Days Up", weeks as "Weeks Up", months as "Months Up", SystemUpTime as "Seconds Up"
This search reports the total uptime of each Windows or Unix system, keeping one event per host (`dedup host`) and sorting the hosts by longest uptime first. Uptime is shown in days, weeks, months (calculated as 30-day months) and seconds. The search depends on the existence of the Unix:Uptime (from the Splunk Add-on for Unix/Linux) or WMI:Uptime (from the Splunk Add-on for Windows) sourcetypes.