cpu and mem usage

dall · ‎09-21-2020

Hi i am new to splunk dashboard

I have events like this from here, how i ll get cpu and memory usage?

can any one help on this??

<182>2020-09-18T08:01:18.787Z vmkernel: cpu56:6319637)Sched: vm 6319638: 6193: Adding world 'vmm0:bcollab-sie-lx', group 'host/user', cpu: shares=-1 min=-1 minLimit=-1 max=-1, mem: shares=-1 min=-1 minLimit=-1 max=-1

<182>2020-09-18T08:07:19.325Z vmkernel: cpu48:6320125)Sched: vm 6320126: 6193: Adding world 'vmm0:burp-collab-sie', group 'host/user', cpu: shares=-1 min=-1 minLimit=-1 max=-1, mem: shares=-1 min=-1 minLimit=-1 max=-1

<182>2020-09-18T07:26:07.290Z vmkernel: cpu34:6317318)Sched: vm 6317319: 6193: Adding world 'vmm0:burpcollab-sie', group 'host/user', cpu: shares=-1 min=-1 minLimit=-1 max=-1, mem: shares=-1 min=-1 minLimit=-1 max=-1

ITWhisperer · ‎09-22-2020

| rex "cpu\d+:(?<cpu>[^\)])\)Sched:\svm\s(?<vm>[^:]+)"

This assumes the cpu value you want is between the ":" and the ")" and the vm value you want is between the "vm " and the ":"

dall · ‎09-22-2020

sorry,this one is notgiving any result.

ITWhisperer · ‎09-22-2020

Which part of the message do you want? Can you copy it into a code section so it isn't formatted?

cpu and mem usage

using Splunk Enterprise

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

Are you a member of the Splunk Community?

cpu and mem usage

using Splunk Enterprise

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES