Solved: Need CPU and Memory peak utilization of multiple V...

bhanue · ‎01-26-2020

Hi All,
I am very new to Splunk.

My organisation uses Splunk for all infra monitoring, I am trying to get the "Peak CPU average" (or) the highest CPU hit per instance in last 24 hours of all my Azure VM's (it's Windows and Linux combo).

I am able to get average average using bellow query, but I need peak average - Can you please help.

host=AZR* index="perfmon" source="Perfmon:CPU" counter="% Processor Time" | stats avg(Value) as avgcpu by host

host=AZR* index="perfmon" source="Perfmon:Memory" counter="% Committed Bytes In Use" | stats avg(Value) as AvgMemory by host

nickhills · ‎01-26-2020

There are several ways to do this - use |stats max(Value) for the highest value across your result set
If you want the peak average value, you can use your existing search, and just massage the results a bit with something like

...| stats avg(Value) as avgcpu by host|sort - avgcpu|head 1

If you wanted to use the stats function again, you could instead do:

...| stats avg(Value) as avgcpu by host|stats max(avgcpu) as maxAvgCpu by host

If my comment helps, please give it a thumbs up!

View solution in original post

nickhills · ‎01-26-2020

There are several ways to do this - use |stats max(Value) for the highest value across your result set
If you want the peak average value, you can use your existing search, and just massage the results a bit with something like

...| stats avg(Value) as avgcpu by host|sort - avgcpu|head 1

If you wanted to use the stats function again, you could instead do:

...| stats avg(Value) as avgcpu by host|stats max(avgcpu) as maxAvgCpu by host

If my comment helps, please give it a thumbs up!

Need CPU and Memory peak utilization of multiple VM's

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!