Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Need CPU and Memory peak utilization of multiple VM's

bhanue
New Member
‎01-26-2020 03:22 AM

Hi All,
I am very new to Splunk.

My organisation uses Splunk for all infra monitoring, I am trying to get the "Peak CPU average" (or) the highest CPU hit per instance in last 24 hours of all my Azure VM's (it's Windows and Linux combo).

I am able to get average average using bellow query, but I need peak average - Can you please help.

host=AZR* index="perfmon" source="Perfmon:CPU" counter="% Processor Time" | stats avg(Value) as avgcpu by host

host=AZR* index="perfmon" source="Perfmon:Memory" counter="% Committed Bytes In Use" | stats avg(Value) as AvgMemory by host

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎01-26-2020 03:31 AM

There are several ways to do this - use |stats max(Value) for the highest value across your result set
If you want the peak average value, you can use your existing search, and just massage the results a bit with something like

...| stats avg(Value) as avgcpu by host|sort - avgcpu|head 1

If you wanted to use the stats function again, you could instead do:

...| stats avg(Value) as avgcpu by host|stats max(avgcpu) as maxAvgCpu by host

If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

nickhills
Ultra Champion
‎01-26-2020 03:31 AM

There are several ways to do this - use |stats max(Value) for the highest value across your result set
If you want the peak average value, you can use your existing search, and just massage the results a bit with something like

...| stats avg(Value) as avgcpu by host|sort - avgcpu|head 1

If you wanted to use the stats function again, you could instead do:

...| stats avg(Value) as avgcpu by host|stats max(avgcpu) as maxAvgCpu by host

If my comment helps, please give it a thumbs up!
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...