Dashboard statistics table for processes that consume > 85% of a host's memory and CPU.
Ideally I'd like to show results by process name, host, % memory used, % CPU used to notify which are my top offender processes causing host performance issues.
Working with this query so far for my Linux hosts:
(index=os host=* source=ps) process_name!="-bash" | stats count as avg(process_cpu_used_percent) by process_name, host | rename "avg(process_cpu_used_percent)" as "% CPU Used by Process"
Working with this saved search so far for Windows hosts:
index=perfmon earliest=-15m source="Perfmon:Process" counter="% Processor Time" (instance!="_Total" AND instance!="Idle" AND instance!="System") | eventstats avg(Value) as AvgValue by host,instance | top instance by AvgValue,host limit=10 showperc=f showcount=f | sort -host,-AvgValue
If you wanted both CPU and Memory you could use a where clause such as:
(index=os host=* source=ps) process_name!="-bash" | stats avg(process_cpu_used_percent) AS avgCPUUsed by process_name, host | where avgCPUUsed > 85 | rename avgCPUUsed AS "% CPU Used by Process"
where is documented here and stats is documented here. You can split your stats command by multiple fields if you wish, and you can use boolean logic in your where clause.
So you may want to do avgCPUUsed > 85 AND avgMemUsed > 85 (or similar).
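The combined CPU and memory filter suggested in the answer above, written out as a full search. This is an added example, not part of the original posts; the field name process_mem_used_percent is an assumption modelled on the process_cpu_used_percent field in the question, so substitute whatever memory-percentage field your ps data actually extracts.

```spl
(index=os host=* source=ps) process_name!="-bash"
| stats avg(process_cpu_used_percent) AS avgCPUUsed avg(process_mem_used_percent) AS avgMemUsed by process_name, host
| where avgCPUUsed > 85 AND avgMemUsed > 85
| eval avgCPUUsed=round(avgCPUUsed, 1), avgMemUsed=round(avgMemUsed, 1)
| sort - avgCPUUsed
| rename avgCPUUsed AS "% CPU Used by Process", avgMemUsed AS "% Memory Used by Process"
```

Changing AND to OR in the where clause lists processes that exceed either threshold rather than both.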