Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Need CPU and Memory peak utilization of multiple VM's

bhanue
New Member
‎01-26-2020 03:22 AM

Hi All,
I am very new to Splunk.

My organisation uses Splunk for all infra monitoring, I am trying to get the "Peak CPU average" (or) the highest CPU hit per instance in last 24 hours of all my Azure VM's (it's Windows and Linux combo).

I am able to get average average using bellow query, but I need peak average - Can you please help.

host=AZR* index="perfmon" source="Perfmon:CPU" counter="% Processor Time" | stats avg(Value) as avgcpu by host

host=AZR* index="perfmon" source="Perfmon:Memory" counter="% Committed Bytes In Use" | stats avg(Value) as AvgMemory by host

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎01-26-2020 03:31 AM

There are several ways to do this - use |stats max(Value) for the highest value across your result set
If you want the peak average value, you can use your existing search, and just massage the results a bit with something like

...| stats avg(Value) as avgcpu by host|sort - avgcpu|head 1

If you wanted to use the stats function again, you could instead do:

...| stats avg(Value) as avgcpu by host|stats max(avgcpu) as maxAvgCpu by host

If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎01-26-2020 03:31 AM

There are several ways to do this - use |stats max(Value) for the highest value across your result set
If you want the peak average value, you can use your existing search, and just massage the results a bit with something like

...| stats avg(Value) as avgcpu by host|sort - avgcpu|head 1

If you wanted to use the stats function again, you could instead do:

...| stats avg(Value) as avgcpu by host|stats max(avgcpu) as maxAvgCpu by host

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...