I do this in an alert script:
ACTIVE=/home/xymon/server/bin/xymon 0 "xymondlog $BBHOSTSVC"|head -1|awk -F\| '{print"@"$5}'|xargs date -d
NOW=date '+%s'
ALERTACTIVE=/home/xymon/server/bin/xymon 0 "xymondlog $BBHOSTSVC"|head -1|awk -F\| '{print $5}'
ACTIVECOLOR=/home/xymon/server/bin/xymon 0 "xymondlog $BBHOSTSVC"|head -1|awk -F\| '{print $3}'
ALERTDIFF=expr $NOW - $ALERTACTIVE
ALERTTIME=echo - | awk -v S=$ALERTDIFF '{printf "%d hours %d minutes",S/(60*60),S%(60*60)/60}'
Which, eventually shows up like this in our email alert: Alert Active Since: Tue Nov 12 11:28:52 CST 2013 (Duration of Alert 4 hours 1 minutes)
You could use the same logic to get what you want.
Thanks, John Upcoming PTO: None
John Rothlisberger IT Strategy, Infrastructure & Security - Technology Growth Platform TGP for Business Process Outsourcing Accenture 312.693.3136 office
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Betsy Schwartz Sent: Wednesday, November 13, 2013 8:20 AM To: xymon at xymon.com Subject: [Xymon] Metrics reports on red/yellow duration? Unacked? Splunk?
My grand-boss is looking to set some standards for how long we let reds and yellows go un-ACKed and un-resolved. There's a built in report but it seems to summarize total time red /yellow and what we're really interested in is how long it's taking us to respond.
Has anyone done anything with this? I'm wondering if feeding the acklogs into splunk would let us work something up. And/or thinking about just trying to scrape this off the board. Thoughts and code snippets welcome
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited.
Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
www.accenture.com