Splunk Search

How to calculate the total CPU by top result

wisespot
New Member

Hi, all, I am a newbie in splunk. I have encounter a problem when play around with *NIX app in Splunk. I am going to calculate the total CPU usage in each minutes

   PID  USER              PR    NI    VIRT     RES     SHR   S  pctCPU  pctMEM       cpuTIME  COMMAND
 32206  root              15     0    298m    129m     10m   S    19.3     0.8      15:46.08  splunkd
 14559  root              15     0   13016    1224     708   R     3.9     0.0       0:00.03  top
     1  root              15     0   10348     684     576   S     0.0     0.0       0:04.85  init
     2  root              RT    -5       0       0       0   S     0.0     0.0       0:00.08  migration/0
     3  root              34    19       0       0       0   S     0.0     0.0       0:00.00  ksoftirqd/0
     4  root              RT    -5       0       0       0   S     0.0     0.0       0:00.00  watchdog/0
     5  root              RT    -5       0       0       0   S     0.0     0.0       0:00.13  migration/1
     6  root              34    19       0       0       0   S     0.0     0.0       0:00.00  ksoftirqd/1
     7  root              RT    -5       0       0       0   S     0.0     0.0       0:00.00  watchdog/1

I don't know how to extract the pctCPU value. Any hint?

Thank you.

Regards, Alister

Tags (1)
0 Karma

ziegfried
Influencer

The multikv command helps you to split the tabular formatted events in to separate ones.

You can use a query like this:

sourcetype=ps | multikv | stats sum(pctCPU) as sumPctCPU by _time,host | timechart span=1m avg(sumPctCPU) by host
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...