
Hi All,
Can you please help me extract the fields and related data from vmstat logs which are coming into Splunk? Below are the log lines:
memTotalMB memFreeMB memUsedMB memFreePct memUsedPct pgPageOut swapUsedPct pgSwapOut cSwitches interrupts forks processes threads loadAvg1mi waitThreads interrupts_PS pgPageIn_PS pgPageOut_PS
7000 xx8 xxx5 9.4 90.6 1561978416 100.0 85616943 4002987866 3965557908 66831877 250 3251 11.04 9.04 27902.02 48.24 2132.66
Splunk Architect

There is a command called multikv. It works for tabular data like we get from Unix/Linux machines:
index=foo host=abc* sourcetype=vmstat
| bucket _time span=5m
| multikv fields
| stats avg(memUsedPct) as MemoryUsed by host
Splunk Architect
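For readers who want to see what header-row extraction does to the vmstat event in the question, here is an added Python example (not from the thread and not Splunk's own code). It maps each value row onto the header names and then averages one field per host, as the `stats` line does; the function names and the host name in the usage comment are assumptions made for illustration.

```python
from collections import defaultdict

# Event body copied from the question; two values are masked by the poster.
SAMPLE_EVENT = """\
memTotalMB memFreeMB memUsedMB memFreePct memUsedPct pgPageOut swapUsedPct pgSwapOut cSwitches interrupts forks processes threads loadAvg1mi waitThreads interrupts_PS pgPageIn_PS pgPageOut_PS
7000 xx8 xxx5 9.4 90.6 1561978416 100.0 85616943 4002987866 3965557908 66831877 250 3251 11.04 9.04 27902.02 48.24 2132.66
"""


def _coerce(value):
    """Turn a cell into int/float when possible; keep masked text as-is."""
    try:
        return float(value) if "." in value else int(value)
    except ValueError:
        return value


def parse_table_event(raw):
    """Return one dict per data row, keyed by the header row's column names."""
    lines = [ln.split() for ln in raw.splitlines() if ln.strip()]
    if len(lines) < 2:
        return []  # header only, or empty event
    header, rows = lines[0], lines[1:]
    records = []
    for row in rows:
        if len(row) != len(header):
            continue  # truncated or merged row: do not guess the alignment
        records.append({name: _coerce(cell) for name, cell in zip(header, row)})
    return records


def avg_by_host(events, field):
    """events: iterable of (host, raw_event). Average `field` per host."""
    totals = defaultdict(lambda: [0.0, 0])
    for host, raw in events:
        for rec in parse_table_event(raw):
            value = rec.get(field)
            if isinstance(value, (int, float)):  # skip masked/non-numeric cells
                totals[host][0] += value
                totals[host][1] += 1
    return {host: s / n for host, (s, n) in totals.items() if n}


if __name__ == "__main__":
    # "abc01" is a constructed host name matching the host=abc* filter above.
    print(avg_by_host([("abc01", SAMPLE_EVENT)], "memUsedPct"))
```
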
Are you looking for help interpreting the data, i.e., what each numerical field represents? Or are you looking for help with parsing into individual fields?
