Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

CPU & MEMORY utilization

lucky
Explorer
‎09-05-2023 10:46 PM

HI Team,

how to write search query for cpu & memory utilization 

 

please help on this 

 

thanks

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-05-2023 11:40 PM

Hi @lucky,

as also @yuanliu asked, you should better desctibe your requirement:

  • did you already ingested data?
  • did you installed the Add-Ons to correctly parse data?
  • are you speaking of Windows or Linux systems,

Anyway the answer depends on these information.

Supponing that you are speaking of windows systems, that you already installed the requested Add-On (Splunk_TA_Windows) and that you already ingested the requested data (perfmon:CPU and perfmon:Memory), you could run something like this:

index=windows sourcetype=WinHostMon Type=Processor $host$ 
| eval host=upper(host)
| dedup host 
| sort host
| table Name NumberOfCores Architecture ClockSpeedMHz Manufacturer
| rename name AS CPU  Manufacturer AS "CPU Manufacturer"

and

index=windows sourcetype=WinHostMon Type=OperatingSystem $host$
| eval host=upper(host)
| dedup host 
| sort host 
| eval 
   FreePhysicalMemoryGB=FreePhysicalMemoryKB/1024/1024,
   FreeVirtualMemoryGB=FreeVirtualMemoryKB/1024/1024,
   TotalPhysicalMemoryGB=TotalPhysicalMemoryKB/1024/1024,
   TotalVirtualMemoryGB=TotalVirtualMemoryKB/1024/1024,
   Virtual_mem_free_percent=FreeVirtualMemoryKB/TotalVirtualMemoryKB*100
| table FreePhysicalMemoryGB TotalPhysicalMemoryGB mem_free_percent FreeVirtualMemoryGB TotalVirtualMemoryGB Virtual_mem_free_percent  
| rename FreePhysicalMemoryGB AS "Free Physical Memory" TotalPhysicalMemoryGB AS "Total Physical Memory" mem_free_percent AS "Free Physical Memory%" FreeVirtualMemoryGB AS "Free Virtual Memory" TotalVirtualMemoryGB AS "Total Virtual Memory" Virtual_mem_free_percent AS "Free Virtual Memory%"

to adapt to your requirements.

Ciao.

Giuseppe

 

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎09-05-2023 11:29 PM

To get help about data analysis, you want to explain what data you have (preferably with text illustration), key characteristics of data, illustrate your desired output, and the logic between data and output.

Hope this helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...