Does Elastic support the pipe operator (|) like Splunk?

Dear all,

  • In my case of monitoring alarms from network devices, one alarm has two events:
      • Raise Alarm: when a problem occurs in the system
      • Clear Alarm: when the system goes back to normal (alarm cleared)
    Sample:
    May 1 02:47:50 :cisco: %C7600_PWR-SP-2-PSFAIL: power supply 2 output failed.
    May 2 03:50:05 :cisco: %C7600_PWR-SP-4-PSOK: power supply 1 turned on.

How can I find which alarm has been cleared, and the duration of the downtime?
Result from the above, as:

VENDOR   ALARM  START_ALARM     STOP_ALARM      DURATION
cisco    power  May 1 02:47:50  May 1 03:50:05  1h:02
huawei   power  May 1 04:17:50  May 1 04:27:05  10 minute
Alcatel  power  May 1 05:01:20  May 1 06:02:05  1h:01

Can anyone help me? Please.
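The raise/clear pairing asked about above, as an added Python example that is not part of the original post and does not use any Elastic feature: it parses lines in the post's sample format, matches each clear event to the open raise event, and reports the duration. Assumptions: the year (absent from the timestamps) is passed in, events are paired on vendor plus facility, only the PSFAIL/PSOK pair from the post is mapped, and the third sample line is constructed to show an alarm that never clears.

```python
import re
from datetime import datetime

# Clear mnemonic -> raise mnemonic. PSOK/PSFAIL come from the post's sample;
# other alarm types would need their own entries (assumption).
CLEARS = {"PSOK": "PSFAIL"}
RAISES = set(CLEARS.values())

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) :(?P<vendor>\w+): "
    r"%(?P<facility>[\w-]+)-(?P<sev>\d)-(?P<mnemonic>\w+): (?P<text>.*)$"
)

def pair_alarms(lines, year):
    """Return (closed, still_open) for time-ordered syslog lines."""
    still_open = {}  # (vendor, facility, raise mnemonic) -> raise time
    closed = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not in the expected format
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        base = (m["vendor"], m["facility"])
        mnemonic = m["mnemonic"]
        if mnemonic in RAISES:
            # Keep the first raise if the alarm repeats before it clears.
            still_open.setdefault(base + (mnemonic,), ts)
        elif mnemonic in CLEARS:
            start = still_open.pop(base + (CLEARS[mnemonic],), None)
            if start is not None:  # ignore a clear with no matching raise
                closed.append({"vendor": m["vendor"], "alarm": m["facility"],
                               "start": start, "stop": ts,
                               "duration": ts - start})
    return closed, still_open

SAMPLE = [
    "May 1 02:47:50 :cisco: %C7600_PWR-SP-2-PSFAIL: power supply 2 output failed.",
    "May 2 03:50:05 :cisco: %C7600_PWR-SP-4-PSOK: power supply 1 turned on.",
    # Constructed line: a raise with no later clear stays open.
    "May 2 04:10:00 :cisco: %C7600_PWR-SP-2-PSFAIL: power supply 2 output failed.",
]

if __name__ == "__main__":
    done, pending = pair_alarms(SAMPLE, year=2023)  # year is an assumption
    for a in done:
        print(a["vendor"], a["alarm"], a["start"], a["stop"], a["duration"])
    print("still open:", pending)
```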
