topic Re: How to create visualizations by using Unix top command output? in Dashboards & Visualizations

How to create visualizations by using Unix top command output?

rajgowd1 — Tue, 17 Jan 2017 19:10:20 GMT

Hi,
i have a cronjob which has some performance related scripts which run for every 5 mins and sends output to indexed folder.

attaching the top command output: link text

I'd like respective graphs using Unix top command output. How can we create the visualizations by using top output? any help is appreciated

Re: How to create visualizations by using Unix top command output?

rajgowd1 — Tue, 17 Jan 2017 20:12:06 GMT

can we show them based on top output like

total memory
used memory
free and cached
total swap
used swap
free and buffered swap

top users consumed CPU,memory and PID

Re: How to create visualizations by using Unix top command output?

somesoni2 — Tue, 17 Jan 2017 20:29:01 GMT

Is the output of whole command available in Splunk as part of one event?

Re: How to create visualizations by using Unix top command output?

rajgowd1 — Tue, 29 Sep 2020 12:27:50 GMT

No,
when i index the output,i selected source type as generic_single_line,so its displaying each line as one event.

i am not very sure,which one is good for displaying like total output as one event or each line as one event.

Re: How to create visualizations by using Unix top command output?

rajgowd1 — Tue, 17 Jan 2017 22:37:50 GMT

will it work if i make it as one event?

Re: How to create visualizations by using Unix top command output?

woodcock — Wed, 18 Jan 2017 00:06:16 GMT

First make sure that each run's output is treated as a single event:
https://docs.splunk.com/Documentation/Splunk/6.5.1/Data/Configureeventlinebreaking

Then use multikv to create multiple events from that:
http://blogs.splunk.com/2007/08/23/ripping-mulitline-events-at-seach-time/
https://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Multikv

Re: How to create visualizations by using Unix top command output?

rajgowd1 — Wed, 18 Jan 2017 00:29:03 GMT

thank you,i am checking and working on it,i will update on this thread once i implement the same

Re: How to create visualizations by using Unix top command output?

rajgowd1 — Thu, 19 Jan 2017 21:30:32 GMT

Hi,
i am working on uptime command.can we show below uptime load average results in line chart?

13:43:55 up 74 days, 4:08, 2 users, load average: 0.11, 0.05, 0.01

Re: How to create visualizations by using Unix top command output?

rajgowd1 — Thu, 19 Jan 2017 22:30:54 GMT

i have written a script which display output like below.can we create any kind of chart with below out put

Re: How to create visualizations by using Unix top command output?

woodcock — Fri, 20 Jan 2017 04:53:16 GMT

Post the output of the script here.

Re: How to create visualizations by using Unix top command output?

woodcock — Fri, 20 Jan 2017 06:01:43 GMT

For uptime, you do not multikv, just send the entire output in as a single event and use a field extraction like this:

... | rex "(?<time>.*)\s+up\s+(?<updays>.*)\s+days,\s+(?<uphours>\d+):(?<upminutes>\d+),\s+(?<num_users>\d+)\s+users,\s+load\s+average:\s+(?<avgload_1minute>.+),\s+(?<avgload_5minutes>.+),\s+(?<avgload_15minutes>.+)"

Re: How to create visualizations by using Unix top command output?

rajgowd1 — Fri, 20 Jan 2017 06:14:36 GMT

Thank you,I was not able to copy my output.

Usually when we run uptime command in Linux it shows load average with 3 values delimited by a comma.
Can we visualize these load average values in any kind of chart.

Re: How to create visualizations by using Unix top command output?

woodcock — Fri, 20 Jan 2017 06:31:29 GMT

You can then add this:

... | timechart avg(avgload*) BY host