Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do you compare the average memory performance of 2 servers?

mboiz
New Member
‎11-23-2018 12:22 AM

Hi All,

Please help me create a query that compares cpu and memory with threshold performance in 1 month ( 4 data ) in 2 diff servers with a preview below

alt text

Tags (1)
Preview file
16 KB
0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎11-23-2018 06:37 AM

You didn't provide any of your search so this is a lot harder. But hopefully...

index=blah host=HostA OR host=HostB
| eval MyThreshold=.8
| timechart avg(CPU_Percent) AS CPU, avg(MEM_Percent) AS Memory avg(MyThreshold) AS Threshold BY host

If you wanted extra fanciness, you could also use perc95(CPU_Percent) to get the 95th percentile, or max(), or ... any of the other statistical and charting functions.

Happy Splunking,
Rich

Reply

Richfez
SplunkTrust
SplunkTrust
‎12-02-2018 05:07 AM

Has this answer helped you solve your problem? If so, please "Accept" it so the next person stumbling across it in a search will know that this worked.

If this is still unresolved, please provide more information on what's not working.

If this is resolved and you've found another answer - great! Post that here as an answer, and go ahead and mark it as Accepted! It's OK to gather karma for yourself occasionally like that.

0 Karma
Reply

mboiz
New Member
‎11-26-2018 01:04 AM

Thank you rich,

that way is i want, but why the result is only threshold ? no avg preview
i want to create 2 data memory & cpu from 2 servers with result above

Thanks

0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎11-26-2018 06:27 AM

The result is only threshold probably because you didn't provide me with any information about your fields. So I made up names, like "CPU_Percent". You have to fill those in because I don't know what they are.

Your question and answers haven't made one thing clear - where are you at in this endeavor? Do you have Splunk installed, are you collecting performance metrics or CPU stats or whatever you need already?

0 Karma
Reply

mboiz
New Member
‎12-16-2018 10:51 PM

here my query

host="121" OR host="122" sourcetype="cpu"

| timechart eval(round(avg(PercentUserTime),0)."%") span=w by host
| eval threshold=90

but graph cant appear likes on attachment

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...