Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Finding the top 10 or 15 processes in taskmgr search query.

saccam447
Explorer
‎12-07-2011 12:46 PM

Hey folks. Im new to splunk ive been created a bunch of different useful dashboards but i could not figure out how to do the following:

top 10 or 15 processes within task mgr.

I already have my perfmon.conf configured to forward a bunch of counters already. are there any counters in particular that I would need to help with this search query?

thank you very much for you input.

Scott

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

saccam447
Explorer
‎12-12-2011 12:21 PM

This is what I did below: I also made sure that my perfmon.conf file had all of the necessary instances and counters for the perfmon counter i created below.

source="perfmon:process percent processor time" host="las-p-pd-sql*" instance= * | chart max(Value) as MaxCPU, by instance,host

This worked perfectly for what I needed. The Chart and Table is very useful to look for a spike.

But Thank you Takajian for your help.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

saccam447
Explorer
‎12-12-2011 12:21 PM

This is what I did below: I also made sure that my perfmon.conf file had all of the necessary instances and counters for the perfmon counter i created below.

source="perfmon:process percent processor time" host="las-p-pd-sql*" instance= * | chart max(Value) as MaxCPU, by instance,host

This worked perfectly for what I needed. The Chart and Table is very useful to look for a spike.

But Thank you Takajian for your help.

0 Karma
Reply
Solved! Jump to solution

Takajian
Builder
‎12-07-2011 03:23 PM

Do you want to see statistics of process on Windows server? If so, you can install Windows app. This may be the easiest way to do. The site is following.

http://splunk-base.splunk.com/apps/22315/splunk-for-windows

Following command will show you max cpu load by process name. Hope this help.

source=WMI:localprocesses Name!=Total | rex field=Name "(?[^#]+)#\d+$" | eval CPULoad = PercentProcessorTime | stats avg(CPULoad) by Name

0 Karma
Reply
Solved! Jump to solution

saccam447
Explorer
‎12-08-2011 10:57 AM

I already have the Windows app installed. The problem is that im using perfmon:* instead of WMI:* for all my counters. Is there a way where that seatrch query can be modified for perfmon:* ... ? Or is WMI easier for this type of query?

Hope I am making sense.

Scott

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...