How to create visualizations by using Unix top command output?

Communicator

Hi,
I have a cronjob which has some performance-related scripts which run every 5 mins and send output to an indexed folder.

Attaching the top command output: link text

I'd like respective graphs using Unix top command output. How can we create the visualizations by using top output? Any help is appreciated.

0 Karma

Esteemed Legend

For uptime, you do not multikv, just send the entire output in as a single event and use a field extraction like this:

... | rex "(?<time>.*)\s+up\s+(?<updays>.*)\s+days,\s+(?<uphours>\d+):(?<upminutes>\d+),\s+(?<num_users>\d+)\s+users,\s+load\s+average:\s+(?<avgload_1minute>.+),\s+(?<avgload_5minutes>.+),\s+(?<avgload_15minutes>.+)"
0 Karma

Communicator

Thank you, I was not able to copy my output.

Usually when we run the uptime command in Linux it shows load average with 3 values delimited by a comma.
Can we visualize these load average values in any kind of chart?

0 Karma

Esteemed Legend

You can then add this:

... | timechart avg(avgload*) BY host
0 Karma
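
The two answers above (field extraction, then `timechart`) only chart hosts whose `uptime` line the pattern matches. The following is an added example, not code from the thread or from Splunk: a Python check of the posted pattern and of a tolerant variant against constructed `uptime` lines. It covers uptime under one day and a single logged-in user, which the literal `days,` and `users,` in the posted pattern do not match. The field names are the thread's; the `TOLERANT` pattern, the `upmin_only` group and the helper names are assumptions of this example.

```python
import re

# The thread's pattern, with only the named-group syntax changed for Python.
POSTED = re.compile(
    r"(?P<time>.*)\s+up\s+(?P<updays>.*)\s+days,\s+(?P<uphours>\d+):(?P<upminutes>\d+),"
    r"\s+(?P<num_users>\d+)\s+users,\s+load\s+average:\s+(?P<avgload_1minute>.+),"
    r"\s+(?P<avgload_5minutes>.+),\s+(?P<avgload_15minutes>.+)"
)

# Tolerant variant (an assumption of this example): days are optional, the
# hours:minutes part may instead read "N min", and "user" may be singular.
TOLERANT = re.compile(
    r"(?P<time>\d+:\d+(?::\d+)?)\s+up\s+"
    r"(?:(?P<updays>\d+)\s+days?,\s+)?"
    r"(?:(?P<uphours>\d+):(?P<upminutes>\d+)|(?P<upmin_only>\d+)\s+min),\s+"
    r"(?P<num_users>\d+)\s+users?,\s+load\s+average:\s+"
    r"(?P<avgload_1minute>[\d.]+),\s+(?P<avgload_5minutes>[\d.]+),\s+(?P<avgload_15minutes>[\d.]+)"
)

# Constructed sample lines; the first is the line quoted in the thread.
SAMPLES = [
    "13:43:55 up 74 days, 4:08, 2 users, load average: 0.11, 0.05, 0.01",
    " 09:02:11 up 1 day, 12:30, 1 user, load average: 1.52, 0.98, 0.40",
    "09:02:11 up 3:07, 4 users, load average: 0.00, 0.01, 0.05",
    "09:02:11 up 12 min, 1 user, load average: 2.10, 1.20, 0.50",
]

def loads(pattern, line):
    """Return the three load averages as floats, or None when the line does not match."""
    m = pattern.search(line)
    if m is None:
        return None
    return tuple(float(m.group("avgload_" + k)) for k in ("1minute", "5minutes", "15minutes"))

def coverage(pattern):
    """Count how many sample lines the pattern extracts load averages from."""
    return sum(loads(pattern, s) is not None for s in SAMPLES)

if __name__ == "__main__":
    for s in SAMPLES:
        print(loads(POSTED, s), loads(TOLERANT, s), "|", s.strip())
```

To use the tolerant pattern in `rex`, the `(?P<name>...)` groups can be written as `(?<name>...)`, as in the thread.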

Communicator

Thank you, I am checking and working on it. I will update this thread once I implement the same.

0 Karma

Communicator

Hi,
I am working on the uptime command. Can we show the uptime load average results below in a line chart?

13:43:55 up 74 days, 4:08, 2 users, load average: 0.11, 0.05, 0.01

0 Karma

Communicator

I have written a script which displays output like below. Can we create any kind of chart with the output below?

0 Karma

Esteemed Legend

Post the output of the script here.

0 Karma

SplunkTrust

Is the output of whole command available in Splunk as part of one event?

0 Karma

Communicator

No,
when I index the output, I selected source type as genericsingleline, so it's displaying each line as one event.

I am not very sure which one is good for displaying: total output as one event or each line as one event.

0 Karma

Communicator

Will it work if I make it as one event?

0 Karma

Communicator

Can we show them based on top output like

total memory
used memory
free and cached
total swap
used swap
free and buffered swap

top users consumed CPU, memory and PID

0 Karma