Dashboards & Visualizations

Hi, I'm new to Splunk, and I have the code to generate a dashboard panel to show the top 5 servers with high CPU, but I only get 1 server at 68%.

jampar12
New Member

index=b2b_os host=* sourcetype=top pctMEM=* | transaction host _time | streamstats window=1 global=f sum(pctMEM) as MEM | table host MEM | top | dedup host

0 Karma

nickhills
Ultra Champion

Try this (untested) search which I think may be closer to what you need:

index=b2b_os sourcetype=top pctMEM=* | streamstats sum(pctMEM) as Mem | top 5 Mem | table host Mem
If my comment helps, please give it a thumbs up!
0 Karma

jampar12
New Member

Thank you, it's working well now. Just one more small ask.

I need to add: if the Mem >= 10% then turn green, if it's >= 50% turn yellow, and if it's 90% turn red.

0 Karma

nickhills
Ultra Champion

You can use rangemap to set the target colours for a given result, but this won't colour a table for you (you would need to modify the CSS for that). If you're using charts, this should set the colours as per your definitions:

...| rangemap field=Mem green=0-49 yellow=50-89 default=red|...

http://docs.splunk.com/Documentation/Splunk/7.0.1/SearchReference/Rangemap

If my comment helps, please give it a thumbs up!
0 Karma
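
An added example, not posted by anyone in this thread: one way to combine the top-5 search with rangemap while keeping host in the results. It assumes each sourcetype=top event is one process sample carrying pctMEM and that a 1-minute bin groups one sampling pass per host. Mem is rounded because rangemap's integer ranges leave a value such as 49.5 unmatched, so it would fall through to default=red.

```spl
index=b2b_os sourcetype=top pctMEM=*
| bin _time span=1m
| stats sum(pctMEM) as Mem by host _time
| stats latest(Mem) as Mem by host
| eval Mem=round(Mem)
| sort 5 -Mem
| rangemap field=Mem green=0-49 yellow=50-89 default=red
| table host Mem range
```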

horsefez
Motivator

Hi jampar12,

Please provide us with some sample events. Also, your pctMEM= at the beginning of your search has no value assigned, and neither does the host field.

0 Karma

nickhills
Ultra Champion

Also |transaction with _time will only group events which share the same exact timestamp - probably not what you want.

Also I presume you mean memory use, rather than high CPU?

If my comment helps, please give it a thumbs up!
0 Karma