Getting Data In

Need CPU and Memory peak utilization of multiple VM's

bhanue
New Member

Hi All,
I am very new to Splunk.

My organisation uses Splunk for all infra monitoring, I am trying to get the "Peak CPU average" (or) the highest CPU hit per instance in last 24 hours of all my Azure VM's (it's Windows and Linux combo).

I am able to get average average using bellow query, but I need peak average - Can you please help.

host=AZR* index="perfmon" source="Perfmon:CPU" counter="% Processor Time" | stats avg(Value) as avgcpu by host

host=AZR* index="perfmon" source="Perfmon:Memory" counter="% Committed Bytes In Use" | stats avg(Value) as AvgMemory by host

0 Karma
1 Solution

nickhills
Ultra Champion

There are several ways to do this - use |stats max(Value) for the highest value across your result set
If you want the peak average value, you can use your existing search, and just massage the results a bit with something like

...| stats avg(Value) as avgcpu by host|sort - avgcpu|head 1

If you wanted to use the stats function again, you could instead do:

...| stats avg(Value) as avgcpu by host|stats max(avgcpu) as maxAvgCpu by host

If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma

nickhills
Ultra Champion

There are several ways to do this - use |stats max(Value) for the highest value across your result set
If you want the peak average value, you can use your existing search, and just massage the results a bit with something like

...| stats avg(Value) as avgcpu by host|sort - avgcpu|head 1

If you wanted to use the stats function again, you could instead do:

...| stats avg(Value) as avgcpu by host|stats max(avgcpu) as maxAvgCpu by host

If my comment helps, please give it a thumbs up!
0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...