Correct Search string for Memory and CPU utilizati...

anzar_ahsan · ‎06-08-2018

Hello,

I am trying to create a dashboard report of CPU Utilization and Memory used for each of my application components for application logs. The dashboard should contain the line chart graph.

Using below search string but not getting the appropriate results :-
host="" SystemCPU_Usage="*" | eval SystemCPU_Usage=mvindex(split(SystemCPU_Usage," "),-1) | timechart avg(SystemCPU_Usage) by source

Below is the sample content of log files :-
A.log - 2018-06-01 14:55:45,303Z (09:55) [Event Sink Thread Pool Thread 2] INFO com.abc.xyz.A.EnvironmentImpl - Memory used 575mb, allocated 879mb, max 910mb (63%) Our cpu usage 1%, system cpu used 4% GC time 0%

B.log - 2018-05-26 21:05:30,131Z (16:05) [Event Sink Thread Pool Thread 1] INFO com.abc.xyz.B.ServerImpl - Memory used 233mb, allocated 585mb, max 910mb (25%) Our cpu usage 0%, system cpu used 4% GC time 0%

C.log - 2018-05-28 07:14:34,867Z (02:14) [Event Sink Thread Pool Thread 2] INFO com.abc.xyz.C.ServerImpl - Memory used 150mb, allocated 253mb, max 910mb (16%) Our cpu usage 0%, system cpu used 4% GC time 0%

Please suggest me the correct search string.

Thanks.

ansif · ‎06-11-2018

Hope you completed field extraction for both CPU and memory?

SystemCPU_Usage, this field is not available by default.

Correct Search string for Memory and CPU utilization

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7