Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- Re: How to calculate memory utilization with perfm...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to calculate memory utilization with perfmon KPI's ?
Hi I want to show avg memory utilization of windows servers using Perfom KPI's. Below are the perfmon kpi's avilable
Perfmon: Memory
Perfmon:Available Memory
How do i calculate.. Please help with the query
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Since Total Memory is a static number, you can go either the way, Below is the search, assumes you are pulling from Perfmon:
index=perfmon sourcetype=perfmon
object="Memory" (counter="Memory" OR counter="Available Memory")
| eval total=if(counter="Memory",Value,"NA")
| stats avg(Value) as avgAvailable latest(total) as total by object
| eval MemoryUtilization=round((total-avgAvailable)/total*100,1)
if memory is static value, you can put in your search as:
index=perfmon sourcetype="Perfmon" object="Memory" counter="Available Memory"
| eval total=6144
| stats avg(Value) as avgAvailable by object
| eval MemoryUtilization=round((total-avgAvailable)/total*100,1)
please accept it as an answer if you liked it 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This should work, how about if we have multiple hosts and each host has static value? Kindly help. Thank you.
Aside, is there a way to find the total memory via search query itself?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the response!
I see the search query is for 1 host. What should be done if I have multiple hosts which has different static memory allocated? being new to splunk I am kind of halt!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
index=perfmon sourcetype=perfmon
object="Memory" (counter="Memory" OR counter="Available Memory")
| eval total=if(counter="Memory",Value,"NA")
| stats avg(Value) as avgAvailable latest(total) as total by host object
| eval MemoryUtilization=round((total-avgAvailable)/total*100,1)
Adding host to by clause of stats should be sufficient.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe answer satisfy both questions. However, feel free to explain your question further.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try that:
index = * sourcetype="Perfmon:Memory" counter="Available MBytes" | timechart avg(Value) by host
hope it helps
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
