Dashboards & Visualizations

Hi I'm new to splunk,. and I have the code to generate a dashboard Panel to show the top 5 Servers with high CPU. but I only get 1 server at 68% ..

jampar12
New Member

index=b2b_os host=* sourcetype=top pctMEM=*| transaction host _time | streamstats window=1 global=f sum(pctMEM) as MEM | table host MEM |top | dedup host

Tags (1)
0 Karma

nickhills
Ultra Champion

Try this (untested) search which I think may be closer to what you need:

index=b2b_os sourcetype=top pctMEM=*| streamstats sum(pctMEM) as Mem |top 5 Mem | table host Mem
If my comment helps, please give it a thumbs up!
0 Karma

jampar12
New Member

thank you .. it's working good now .. Just one more small ask ..

I need to add if the Mem >= 10 % then turn green and if it's >=50& turn yellow and if it's 90% turn red ..

0 Karma

nickhills
Ultra Champion

You can use rangemap to set the target colours for a given result, but this wont colour a table for you (you would need to modify the CSS for that) but if your using charts, this should set the colours as per your definitions

...| rangemap field=Mem green=0-49 yellow=50-89 default=red|...

http://docs.splunk.com/Documentation/Splunk/7.0.1/SearchReference/Rangemap

If my comment helps, please give it a thumbs up!
0 Karma

horsefez
Motivator

Hi jampar12,

please provide us with some sample events and also your pctMEM= at the beginning of your search has no value assigned, as well as the host-field

0 Karma

nickhills
Ultra Champion

Also |transaction with _time will only group events which share the same exact timestamp - probably not what you want.

Also I presume you mean memory use, rather than high CPU?

If my comment helps, please give it a thumbs up!
0 Karma
Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...