Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

CPU & MEMORY utilization

lucky
Explorer
‎09-05-2023 10:46 PM

HI Team,

how to write search query for cpu & memory utilization 

 

please help on this 

 

thanks

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-05-2023 11:40 PM

Hi @lucky,

as also @yuanliu asked, you should better desctibe your requirement:

  • did you already ingested data?
  • did you installed the Add-Ons to correctly parse data?
  • are you speaking of Windows or Linux systems,

Anyway the answer depends on these information.

Supponing that you are speaking of windows systems, that you already installed the requested Add-On (Splunk_TA_Windows) and that you already ingested the requested data (perfmon:CPU and perfmon:Memory), you could run something like this:

index=windows sourcetype=WinHostMon Type=Processor $host$ 
| eval host=upper(host)
| dedup host 
| sort host
| table Name NumberOfCores Architecture ClockSpeedMHz Manufacturer
| rename name AS CPU  Manufacturer AS "CPU Manufacturer"

and

index=windows sourcetype=WinHostMon Type=OperatingSystem $host$
| eval host=upper(host)
| dedup host 
| sort host 
| eval 
   FreePhysicalMemoryGB=FreePhysicalMemoryKB/1024/1024,
   FreeVirtualMemoryGB=FreeVirtualMemoryKB/1024/1024,
   TotalPhysicalMemoryGB=TotalPhysicalMemoryKB/1024/1024,
   TotalVirtualMemoryGB=TotalVirtualMemoryKB/1024/1024,
   Virtual_mem_free_percent=FreeVirtualMemoryKB/TotalVirtualMemoryKB*100
| table FreePhysicalMemoryGB TotalPhysicalMemoryGB mem_free_percent FreeVirtualMemoryGB TotalVirtualMemoryGB Virtual_mem_free_percent  
| rename FreePhysicalMemoryGB AS "Free Physical Memory" TotalPhysicalMemoryGB AS "Total Physical Memory" mem_free_percent AS "Free Physical Memory%" FreeVirtualMemoryGB AS "Free Virtual Memory" TotalVirtualMemoryGB AS "Total Virtual Memory" Virtual_mem_free_percent AS "Free Virtual Memory%"

to adapt to your requirements.

Ciao.

Giuseppe

 

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎09-05-2023 11:29 PM

To get help about data analysis, you want to explain what data you have (preferably with text illustration), key characteristics of data, illustrate your desired output, and the logic between data and output.

Hope this helps.

0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...