I am having problems calculating the average memory utilization over different time spans.
Not sure if I'm doing this the right way. I need ideas.
index=perfmon counter="Available MBytes" collection=Memory host=megatron earliest=-7d |bucket span=1m _time |stats avg(Value) as AvgValue min(Value) as MinValue max(Value) as MaxValue by _time host | dedup host | eval AvgValue = round(AvgValue/1024 ,1) | eval MinValue = round(MinValue/1024,1) | eval MaxValue = round(MaxValue/1024,1)
Easiest option and easy to read will be this
index=perfmon counter="Available MBytes" collection=Memory host=megatron earliest=-30d |stats avg(Value) as AvgValue_Last30d min(Value) as MinValue_Last30d max(Value) as MaxValue_Last30d by host | eval AvgValue_Last30d = round(AvgValue_Last30d/1024 ,1) | eval MinValue_Last30d = round(MinValue_Last30d/1024,1) | eval MaxValue_Last30d = round(MaxValue_Last30d/1024,1)
| append [search index=perfmon counter="Available MBytes" collection=Memory host=megatron earliest=-7d |stats avg(Value) as AvgValue_Last7d min(Value) as MinValue_Last7d max(Value) as MaxValue_Last7d by host | eval AvgValue_Last7d = round(AvgValue_Last7d/1024 ,1) | eval MinValue_Last7d = round(MinValue_Last7d/1024,1) | eval MaxValue_Last7d = round(MaxValue_Last7d/1024,1)]
| append [search index=perfmon counter="Available MBytes" collection=Memory host=megatron earliest=-4h |stats avg(Value) as AvgValue_Last4h min(Value) as MinValue_Last4h max(Value) as MaxValue_Last4h by host | eval AvgValue_Last4h = round(AvgValue_Last4h/1024 ,1) | eval MinValue_Last4h = round(MinValue_Last4h/1024,1) | eval MaxValue_Last4h = round(MaxValue_Last4h/1024,1)]
| stats values(*) as * by host
Easiest option and easy to read will be this
index=perfmon counter="Available MBytes" collection=Memory host=megatron earliest=-30d |stats avg(Value) as AvgValue_Last30d min(Value) as MinValue_Last30d max(Value) as MaxValue_Last30d by host | eval AvgValue_Last30d = round(AvgValue_Last30d/1024 ,1) | eval MinValue_Last30d = round(MinValue_Last30d/1024,1) | eval MaxValue_Last30d = round(MaxValue_Last30d/1024,1)
| append [search index=perfmon counter="Available MBytes" collection=Memory host=megatron earliest=-7d |stats avg(Value) as AvgValue_Last7d min(Value) as MinValue_Last7d max(Value) as MaxValue_Last7d by host | eval AvgValue_Last7d = round(AvgValue_Last7d/1024 ,1) | eval MinValue_Last7d = round(MinValue_Last7d/1024,1) | eval MaxValue_Last7d = round(MaxValue_Last7d/1024,1)]
| append [search index=perfmon counter="Available MBytes" collection=Memory host=megatron earliest=-4h |stats avg(Value) as AvgValue_Last4h min(Value) as MinValue_Last4h max(Value) as MaxValue_Last4h by host | eval AvgValue_Last4h = round(AvgValue_Last4h/1024 ,1) | eval MinValue_Last4h = round(MinValue_Last4h/1024,1) | eval MaxValue_Last4h = round(MaxValue_Last4h/1024,1)]
| stats values(*) as * by host
Hi somesoni,
Is there a way to use the anomalies command to find the anomalies that exist for each variable in respect to _last 4 hours?
You want to show avg memory utilization (for a host OR all host) and show different column for last 4 hour, last 7 days and last 30 days period?
Yes ! for a host and show different column for last 4 hour, last 7 days and last 30 days period.
Curious to see how its done for all host as well 😉