I am sorry if my questions are naive, but after some working around I was able to extract some CPU information:
index=oslogs AND host=xxxxxx AND sourcetype=top AND pctCPU>0 | stats avg(pctCPU) as avgCPU by PID
However, the PID will change on redeployment and restart of the service. Is there a way to get the process name to get the same query?
Hi @ARaman77, you should provide us some more details. Are the logs from the systems already ingested into Splunk or not yet? Did you use some add-ons?
If the CPU/memory logs are already ingested into Splunk, then you can run a search query and show us what the logs look like, so that we can fine-tune and get the CPU/memory details you wanted.