Hi All
i am new to Splunk and hope this is not to much of a stupid question.
i am looking to create a report in the form of a line graph that shows the following values CPU values by time on the Y axis and cpu usage on the X axis
2013-06-04 14:01:48,192 INFO [] [6_ResourceMonitor] Total CPU usage per CPU: 0=65.17%
2013-06-04 14:01:48,192 INFO [] [6_ResourceMonitor] Total CPU usage per CPU: 0=62.09%
2013-06-04 14:01:48,192 INFO [] [6_ResourceMonitor] Total CPU usage per CPU: 0=60.17%
2013-06-04 14:01:48,192 INFO [] [6_ResourceMonitor] Total CPU usage per CPU: 0=59.12%
2013-06-04 14:01:48,192 INFO [] [6_ResourceMonitor] Total CPU usage per CPU: 0=59.09%
i have tried several different things but stuck at the moment any help would be fantastic
Hello,
First of all, you´ll need to extract the values you want to chart in a new field with the rex command:
...| rex "CPU:\s0=(?< cpu_values >\d+\.\d+)" | ...
*without the spaces before and after the cpu_values
Then you need to use time chart, you´ll search would look something similar to:
sourcetype="mysourcetype" | rex "CPU:\s0=(?< cpu_values >\d+\.\d+)" | timechart avg(cpu_values)
Regards