Dashboards & Visualizations

Hi, I'm new to Splunk, and I have the code to generate a dashboard panel to show the top 5 servers with high CPU, but I only get 1 server at 68%.

jampar12
New Member

index=b2b_os host=* sourcetype=top pctMEM=* | transaction host _time | streamstats window=1 global=f sum(pctMEM) as MEM | table host MEM | top | dedup host

0 Karma

nickhills
Ultra Champion

Try this (untested) search which I think may be closer to what you need:

index=b2b_os sourcetype=top pctMEM=* | streamstats sum(pctMEM) as Mem | top 5 Mem | table host Mem
If my comment helps, please give it a thumbs up!
0 Karma

jampar12
New Member

Thank you, it's working well now. Just one more small ask:

I need to add: if the Mem >= 10% then turn green, and if it's >= 50% turn yellow, and if it's 90% turn red.

0 Karma

nickhills
Ultra Champion

You can use rangemap to set the target colours for a given result, but this won't colour a table for you (you would need to modify the CSS for that). If you're using charts, this should set the colours as per your definitions:

... | rangemap field=Mem green=0-49 yellow=50-89 default=red | ...

http://docs.splunk.com/Documentation/Splunk/7.0.1/SearchReference/Rangemap

If my comment helps, please give it a thumbs up!
0 Karma
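
A complete search along the lines discussed in this thread, added here as an example and not part of any poster's reply: it totals pctMEM per host for each collection snapshot, keeps each host's most recent total, takes the top 5, and then applies the rangemap from the post above. It assumes each event carries one process's pctMEM and host, and that snapshots are at least a minute apart; the 1m span and the rounding step (so fractional values land inside the integer ranges) are choices made for this example.

```spl
index=b2b_os sourcetype=top pctMEM=*
| bin _time span=1m
| stats sum(pctMEM) as Mem by host _time
| stats latest(Mem) as Mem by host
| sort - Mem
| head 5
| eval Mem=round(Mem, 0)
| rangemap field=Mem green=0-49 yellow=50-89 default=red
| table host Mem range
```

The range column holds green, yellow or red for each host and can drive chart or table colouring in the dashboard.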

horsefez
Motivator

Hi jampar12,

Please provide us with some sample events. Also, your pctMEM= at the beginning of your search has no value assigned, as well as the host field.

0 Karma

nickhills
Ultra Champion

Also |transaction with _time will only group events which share the same exact timestamp - probably not what you want.

Also I presume you mean memory use, rather than high CPU?

If my comment helps, please give it a thumbs up!
0 Karma