Correct Search string for Memory and CPU utilizati...

anzar_ahsan · ‎06-08-2018

Hello,

I am trying to create a dashboard report of CPU Utilization and Memory used for each of my application components for application logs. The dashboard should contain the line chart graph.

Using below search string but not getting the appropriate results :-
host="" SystemCPU_Usage="*" | eval SystemCPU_Usage=mvindex(split(SystemCPU_Usage," "),-1) | timechart avg(SystemCPU_Usage) by source

Below is the sample content of log files :-
A.log - 2018-06-01 14:55:45,303Z (09:55) [Event Sink Thread Pool Thread 2] INFO com.abc.xyz.A.EnvironmentImpl - Memory used 575mb, allocated 879mb, max 910mb (63%) Our cpu usage 1%, system cpu used 4% GC time 0%

B.log - 2018-05-26 21:05:30,131Z (16:05) [Event Sink Thread Pool Thread 1] INFO com.abc.xyz.B.ServerImpl - Memory used 233mb, allocated 585mb, max 910mb (25%) Our cpu usage 0%, system cpu used 4% GC time 0%

C.log - 2018-05-28 07:14:34,867Z (02:14) [Event Sink Thread Pool Thread 2] INFO com.abc.xyz.C.ServerImpl - Memory used 150mb, allocated 253mb, max 910mb (16%) Our cpu usage 0%, system cpu used 4% GC time 0%

Please suggest me the correct search string.

Thanks.

ansif · ‎06-11-2018

Hope you completed field extraction for both CPU and memory?

SystemCPU_Usage, this field is not available by default.

Correct Search string for Memory and CPU utilization

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

First Steps with Splunk SOAR

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

Are you a member of the Splunk Community?

Correct Search string for Memory and CPU utilization

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

First Steps with Splunk SOAR

How To Build a Self-Service Observability Practice with Splunk Observability Cloud