Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do you compare the average memory performance of 2 servers?

mboiz
New Member
‎11-23-2018 12:22 AM

Hi All,

Please help me create a query that compares cpu and memory with threshold performance in 1 month ( 4 data ) in 2 diff servers with a preview below

alt text

Tags (1)
Preview file
1 KB
0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎11-23-2018 06:37 AM

You didn't provide any of your search so this is a lot harder. But hopefully...

index=blah host=HostA OR host=HostB
| eval MyThreshold=.8
| timechart avg(CPU_Percent) AS CPU, avg(MEM_Percent) AS Memory avg(MyThreshold) AS Threshold BY host

If you wanted extra fanciness, you could also use perc95(CPU_Percent) to get the 95th percentile, or max(), or ... any of the other statistical and charting functions.

Happy Splunking,
Rich

Reply

Richfez
SplunkTrust
SplunkTrust
‎12-02-2018 05:07 AM

Has this answer helped you solve your problem? If so, please "Accept" it so the next person stumbling across it in a search will know that this worked.

If this is still unresolved, please provide more information on what's not working.

If this is resolved and you've found another answer - great! Post that here as an answer, and go ahead and mark it as Accepted! It's OK to gather karma for yourself occasionally like that.

0 Karma
Reply

mboiz
New Member
‎11-26-2018 01:04 AM

Thank you rich,

that way is i want, but why the result is only threshold ? no avg preview
i want to create 2 data memory & cpu from 2 servers with result above

Thanks

0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎11-26-2018 06:27 AM

The result is only threshold probably because you didn't provide me with any information about your fields. So I made up names, like "CPU_Percent". You have to fill those in because I don't know what they are.

Your question and answers haven't made one thing clear - where are you at in this endeavor? Do you have Splunk installed, are you collecting performance metrics or CPU stats or whatever you need already?

0 Karma
Reply

mboiz
New Member
‎12-16-2018 10:51 PM

here my query

host="121" OR host="122" sourcetype="cpu"

| timechart eval(round(avg(PercentUserTime),0)."%") span=w by host
| eval threshold=90

but graph cant appear likes on attachment

0 Karma
Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...