Counters Value in search query

dhirendra761 · ‎11-05-2019

Hi,

I don't understand the use of "Counters" in input.conf configuration while monitoring "Memory" of the system.

input.conf

[perfmon://Memory]
counters = Page Faults/sec; Available Bytes; Committed Bytes; Commit Limit; Write Copies/sec; Transition Faults/sec; Cache Faults/sec; Demand Zero Faults/sec; Pages/sec; Pages Input/sec; Page Reads/sec; Pages Output/sec; Pool Paged Bytes; Pool Nonpaged Bytes; Page Writes/sec; Pool Paged Allocs; Pool Nonpaged Allocs; Free System Page Table Entries; Cache Bytes; Cache Bytes Peak; Pool Paged Resident Bytes; System Code Total Bytes; System Code Resident Bytes; System Driver Total Bytes; System Driver Resident Bytes; System Cache Resident Bytes; % Committed Bytes In Use; Available KBytes; Available MBytes; Transition Pages RePurposed/sec; Free & Zero Page List Bytes; Modified Page List Bytes; Standby Cache Reserve Bytes; Standby Cache Normal Priority Bytes; Standby Cache Core Bytes; Long-Term Average Standby Cache Lifetime (s)
disabled = 0
interval = 10
mode = multikv
object = Memory
useEnglishOnly=true

My events are extracting as the attached screenshot. (why fields are extract same as counters with "_" )
So what will be SPL to find out "available memory" suing counters in input.conf?

Please describe the role and use of Counter please in search query.

Thanks in advance.

adonio · ‎11-05-2019

maybe like this:
... search for perfmon data ... | eval available_memory = 100 - %_Committed_Bytes_In_Use ....

Counters Value in search query

Please describe the role and use of Counter please in search query.

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes