I am developing a dashboard that will list Windows Processes that are CPU intensive. My query looks like below:
index=platform_connect_os earliest=-5m host=host* source="Perfmon:Process" counter="% Processor Time" (instance!="_Total" AND instance!="Idle" AND instance!="System") | stats avg(Value) as "CPU Time by Host" by host ,instance| sort 0 -host,-AvgValue | streamstats count as sno by host | where sno>4 | fields - sno
I am getting the below output:
Can someone confirm whether the results are correct or not? What is the unit of CPU Time by Host. I can't understand these numbers. Basically i want to display something like below:
I want to list process followed by CPU in human readable format in Splunk dashboard.