- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Paging Charting in *nix App
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Has anyone added a custom chart to the *nix app or a custom app that shows linux os paging statistics? I know the data is there from the Splunk_TA_nix add-on, but some additional calculations might need to be performed to show current paging amounts, like streamstats.
Just curious. I have tried to find something in the *nix app, but couldn't find the stats I want. I am trying to mirror as best as possible the information that is provided by spotlight.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I now have paging and swapping charts integrated into the *nix app. It seemed like the best fit on the Memory by Host view. I modified the view to include two more charts on row 3, moving the Physical Memory by Host chart to row 4. The dropdown selector also works with the paging charts. By default it will show all hosts paging stats, and if you select a single host, it will reflect that one host. The XML for my charts is below:
<module name="HiddenSearch" layoutPanel="panel_row3_col1" group="Average Paging Out in KB/s by Host" autoRun="False">
<param name="search">index="os" source="vmstat" host=$host$ | multikv fields pgPageOut | streamstats current=f global=f window=1 first(pgPageOut) as next_pPO by host | eval podiff = next_pPO-pgPageOut | eval podiffps = podiff/60 | timechart avg(podiffps) by host</param>
<param name="groupLabel">Average Paging Out in KB/s by Host</param>
<module name="HiddenFieldPicker">
<param name="strictMode">True</param>
<module name="JobProgressIndicator">
<module name="EnablePreview">
<param name="enable">True</param>
<param name="display">False</param>
<module name="HiddenChartFormatter">
<param name="charting.secondaryAxisTitle.text">Avg Page Out KB/s</param>
<param name="charting.chart">line</param>
<param name="charting.chart.nullValueMode">connect</param>
<module name="JSChart">
<param name="width">100%</param>
<module name="ConvertToDrilldownSearch">
<module name="ViewRedirector">
<param name="viewTarget">flashtimeline</param>
</module>
</module>
</module>
<module name="ViewRedirectorLink">
<param name="viewTarget">flashtimeline</param>
</module>
</module>
</module>
</module>
</module>
</module>
<module name="HiddenSearch" layoutPanel="panel_row3_col2" group="Average Swapping Out in KB/s by Host" autoRun="False">
<param name="search">index="os" source="vmstat" host=$host$ | multikv fields pgSwapOut | streamstats current=f global=f window=1 first(pgSwapOut) as next_pSO by host | eval sodiff = next_pSO-pgSwapOut | eval sodiffps = sodiff/60 | timechart avg(sodiffps) by host</param>
<param name="groupLabel">Average Swapping Out in KB/s by Host</param>
<module name="HiddenFieldPicker">
<param name="strictMode">True</param>
<module name="JobProgressIndicator">
<module name="EnablePreview">
<param name="enable">True</param>
<param name="display">False</param>
<module name="HiddenChartFormatter">
<param name="charting.secondaryAxisTitle.text">Avg Swap Out KB/s</param>
<param name="charting.chart">line</param>
<param name="charting.chart.nullValueMode">connect</param>
<module name="JSChart">
<param name="width">100%</param>
<module name="ConvertToDrilldownSearch">
<module name="ViewRedirector">
<param name="viewTarget">flashtimeline</param>
</module>
</module>
</module>
<module name="ViewRedirectorLink">
<param name="viewTarget">flashtimeline</param>
</module>
</module>
</module>
</module>
</module>
</module>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Attaching some pics of how it looks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After tweaking this, I plan to move to the network charts. They seem a bit off to me.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @jodros ,
Am also looking for Paging and Swapping in details. Are you able to achieve this through any tweakings to the script. If so can you please help me with the vmstat.sh script that you have tweked.
Thanks,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks. Now I just need to tweak the vmstat.sh script to also include paging and swapping in. As it is right now, it only shows paging/swapping out. Like to have both.
Let me know if you have any suggestions on how I can improve it more!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Impressive that you were able to go from zero to sixty in 4 hours!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I now have paging and swapping charts integrated into the *nix app. It seemed like the best fit on the Memory by Host view. I modified the view to include two more charts on row 3, moving the Physical Memory by Host chart to row 4. The dropdown selector also works with the paging charts. By default it will show all hosts paging stats, and if you select a single host, it will reflect that one host. The XML for my charts is below:
<module name="HiddenSearch" layoutPanel="panel_row3_col1" group="Average Paging Out in KB/s by Host" autoRun="False">
<param name="search">index="os" source="vmstat" host=$host$ | multikv fields pgPageOut | streamstats current=f global=f window=1 first(pgPageOut) as next_pPO by host | eval podiff = next_pPO-pgPageOut | eval podiffps = podiff/60 | timechart avg(podiffps) by host</param>
<param name="groupLabel">Average Paging Out in KB/s by Host</param>
<module name="HiddenFieldPicker">
<param name="strictMode">True</param>
<module name="JobProgressIndicator">
<module name="EnablePreview">
<param name="enable">True</param>
<param name="display">False</param>
<module name="HiddenChartFormatter">
<param name="charting.secondaryAxisTitle.text">Avg Page Out KB/s</param>
<param name="charting.chart">line</param>
<param name="charting.chart.nullValueMode">connect</param>
<module name="JSChart">
<param name="width">100%</param>
<module name="ConvertToDrilldownSearch">
<module name="ViewRedirector">
<param name="viewTarget">flashtimeline</param>
</module>
</module>
</module>
<module name="ViewRedirectorLink">
<param name="viewTarget">flashtimeline</param>
</module>
</module>
</module>
</module>
</module>
</module>
<module name="HiddenSearch" layoutPanel="panel_row3_col2" group="Average Swapping Out in KB/s by Host" autoRun="False">
<param name="search">index="os" source="vmstat" host=$host$ | multikv fields pgSwapOut | streamstats current=f global=f window=1 first(pgSwapOut) as next_pSO by host | eval sodiff = next_pSO-pgSwapOut | eval sodiffps = sodiff/60 | timechart avg(sodiffps) by host</param>
<param name="groupLabel">Average Swapping Out in KB/s by Host</param>
<module name="HiddenFieldPicker">
<param name="strictMode">True</param>
<module name="JobProgressIndicator">
<module name="EnablePreview">
<param name="enable">True</param>
<param name="display">False</param>
<module name="HiddenChartFormatter">
<param name="charting.secondaryAxisTitle.text">Avg Swap Out KB/s</param>
<param name="charting.chart">line</param>
<param name="charting.chart.nullValueMode">connect</param>
<module name="JSChart">
<param name="width">100%</param>
<module name="ConvertToDrilldownSearch">
<module name="ViewRedirector">
<param name="viewTarget">flashtimeline</param>
</module>
</module>
</module>
<module name="ViewRedirectorLink">
<param name="viewTarget">flashtimeline</param>
</module>
</module>
</module>
</module>
</module>
</module>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@araitz, you think you could help me tweak the vmstat.sh script? 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can anyone assist me in tweaking the vmstat.sh script to output pgPageIn and pgSwapIn? I looked over the script, but it is a bit over my head.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So I made some searches that chart the pages per second for the pgPageOut and pgSwapOut fields generated by the vmstat.sh script for the Splunk_TA_unix add on. This charts out the average pages per second for these fields. This seems like a chart that would have been included or canned with the *nix app.
Average Page Out in pages per second
index="os" source="vmstat" | multikv fields pgPageOut | streamstats current=f global=f window=1 first(pgPageOut) as next_pPO by host | eval podiff = next_pPO-pgPageOut | eval podiffps = podiff/60 | timechart avg(podiffps) by host
Average Swap Out in pages per second
index="os" source="vmstat" | multikv fields pgSwapOut | streamstats current=f global=f window=1 first(pgSwapOut) as next_pSO by host | eval sodiff = next_pSO-pgSwapOut | eval sodiffps = sodiff/60 | timechart avg(sodiffps) by host
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I plan on adding this to one of the *nix memory charts. Anyone else trying to get this kind of data visualized in charts?
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
