Solved: How to calculate max 3 cpu usage each day and when...

tarunmalhotra79 · ‎03-13-2020

The idea is to show up top 3 CPU Averages in a day for last 7 days.

Query Using:-
index=os sourcetype=ps host="Host1"
| timechart span=1h avg(pctCPU) as Avg_pctCPU

Here, I want to first sort the result and then using the limit command filter only top 3 results with maximum value for each day and then if i run the search for last 7 days then it should do the same thing and should give me the 21 results,

Top 3 results each day * 7 days. == Total 21 results

Thanks in advance

manjunathmeti · ‎03-13-2020

Hi @tarunmalhotra792,

Try this:

index=os sourcetype=ps host="Host1"
| timechart span=1h avg(pctCPU) as Avg_pctCPU
| bin _time span=1d
| top 3 Avg_pctCPU by _time

View solution in original post

manjunathmeti · ‎03-13-2020

Hi @tarunmalhotra792,

Try this:

index=os sourcetype=ps host="Host1"
| timechart span=1h avg(pctCPU) as Avg_pctCPU
| bin _time span=1d
| top 3 Avg_pctCPU by _time

tarunmalhotra79 · ‎03-13-2020

Thanks, It worked

How to calculate max 3 cpu usage each day and when ran for last 7 days, It should show 21 max CPU usage

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

How to calculate max 3 cpu usage each day and when ran for last 7 days, It should show 21 max CPU usage

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem