Monitoring Splunk

How to calculate memory utilization with perfmon KPI's ?

sreelakshmi123
New Member

Hi I want to show avg memory utilization of windows servers using Perfom KPI's. Below are the perfmon kpi's avilable

Perfmon: Memory
Perfmon:Available Memory

How do i calculate.. Please help with the query

0 Karma

akocak
Contributor

Since Total Memory is a static number, you can go either the way, Below is the search, assumes you are pulling from Perfmon:

index=perfmon sourcetype=perfmon
 object="Memory"    (counter="Memory" OR counter="Available Memory")
| eval total=if(counter="Memory",Value,"NA")
| stats avg(Value) as  avgAvailable latest(total)  as total by object
| eval MemoryUtilization=round((total-avgAvailable)/total*100,1)

if memory is static value, you can put in your search as:

index=perfmon sourcetype="Perfmon" object="Memory" counter="Available Memory"
| eval total=6144
| stats avg(Value) as  avgAvailable by object
| eval MemoryUtilization=round((total-avgAvailable)/total*100,1)

please accept it as an answer if you liked it 🙂

0 Karma

pvbharath
New Member

This should work, how about if we have multiple hosts and each host has static value? Kindly help. Thank you.

Aside, is there a way to find the total memory via search query itself?

0 Karma

pvbharath
New Member

Thanks for the response!

I see the search query is for 1 host. What should be done if I have multiple hosts which has different static memory allocated? being new to splunk I am kind of halt!

0 Karma

akocak
Contributor
 index=perfmon sourcetype=perfmon
  object="Memory"    (counter="Memory" OR counter="Available Memory")
 | eval total=if(counter="Memory",Value,"NA")
 | stats avg(Value) as  avgAvailable latest(total)  as total by host object
 | eval MemoryUtilization=round((total-avgAvailable)/total*100,1)

Adding host to by clause of stats should be sufficient.

0 Karma

akocak
Contributor

I believe answer satisfy both questions. However, feel free to explain your question further.

0 Karma

adonio
Ultra Champion

try that:
index = * sourcetype="Perfmon:Memory" counter="Available MBytes" | timechart avg(Value) by host
hope it helps

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...