Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Find the max and min cpu per host

manapuna
New Member
‎05-18-2020 07:35 PM

I have four hosts. H1, H2, H3, H4
each host have cpu_load

I want to find min cpu_load and max cpu_load. Find the min/max out of all host. In My scenario out of 4 host, find the min/max.

| stats min(host of cpu_load) as Min, max(host of cpu_load) | eval diff=max-min | alert based on diff

Any help is appreciated. Thank you

Labels (2)
Tags (4)
0 Karma
Reply

manapuna
New Member
‎05-19-2020 07:24 AM

I changed the question a bit.

... | stats count by host

output

H1 200
H2 340
H3 400
H4 250

The count of each host is different. How would you eval min_value and max_value of these host counts?

0 Karma
Reply

to4kawa
Ultra Champion
‎05-19-2020 08:08 AM 
....
| stats count by host
| eventstats max(count) as max_value min(count) as min_value
| eval diff = max_value - min_value

try eventstats

0 Karma
Reply

chinmoya
Communicator
‎05-19-2020 04:56 AM

try this:

| stats max(cpu_load) as max_tmp min(cpu_load) as min_tmp by host
| eventstats max(max_tmp) as max_final min(min_tmp) as min_final
| eval max_flag=if(max_tmp=max_final,1,0) , min_flag=if(min_tmp=min_final,1,0)
| where min_flag=1 OR max_flag=1

0 Karma
Reply

marycordova
SplunkTrust
SplunkTrust
‎05-18-2020 07:59 PM

|stats max(cpu_load) as max min(cpu_load) as min by host

https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/Stats#Stats_function_options

@marycordova
0 Karma
Reply

manapuna
New Member
‎05-19-2020 04:07 AM

mmm.. It didn't do it. Let me ask the question in different way. Lets forget about CPU. Lets say each host is giving you count of sessions or count of traffic.

index=app | stats count by host

result based on 4 host

How would you find max count out of 4 host

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...