Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to customize x-axis and y-axis?

coolUsername
Explorer
‎08-25-2022 03:55 AM

I want to create a chart that show all the services being executed and the percentage of cpu used.

I tried this after reading the documentation but it doesn't work.

 

 

 

index=perfmon ProcessName="*" | chart count(cpu_load_percent) over ProcessName

 

 

 

 

Labels (3)
Labels
0 Karma
Reply

coolUsername
Explorer
‎09-02-2022 12:25 AM

Sorry for answering this late. I think i misexplained, i just assumed that ProcessName is related to the services running and cpu_load_percent is the percentage of cpu used. And even if they are not related, they certainly vary over time. So i want to make my chart not to be a timechart and show the two fields. Thank you in advance. Also if the fields i am using are not correct tell me 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-25-2022 06:49 AM

First, verify you are receiving events with the cpu_load_percent field in them.  That the count of the field is zero implies you do not have the data.

Second, you probably don't want the count function because the counting the number of instances of this field is not as useful as knowing the value of the field.  Perhaps max(cpu_load_percent) would be better.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

coolUsername
Explorer
‎08-25-2022 06:57 AM

i receive events when i do separates searchs, one with cpu_load_percent, and the other with processName, but not with both fields, and this is what i get when i dont add the count function:cpu_load_percent.PNG

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-25-2022 09:10 AM

Before you can graph the relationship between processName and cpu_load_percent you must first establish such a relationship.  The two searches that return the separate fields need to be combined so you have both fields in the results.  Share the searches and we can help you put them together.

---
If this reply helps you, Karma would be appreciated.
Reply

coolUsername
Explorer
‎08-26-2022 12:28 AM

search for cpu_load_percent

index=perfmon cpu_load_percent=*

 

search for ProcessName

index=perfmon ProcessName
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-26-2022 09:35 AM

That's not much to work with.  What links a processName to its cpu_load_percent?

---
If this reply helps you, Karma would be appreciated.
Reply

coolUsername
Explorer
‎08-29-2022 12:23 AM

The variation of the cpu depends on the process running. its like when i open the windows task manager, it show the process which is running and the percentage of cpu used. I want to make a chart of all the process running and the percentage of cpu used. Hope i explained it correctly. 

Preview file
40 KB
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-29-2022 05:27 AM

Splunk is not looking at the Task Manager.  It has two searches with two different and distinct fields and nothing to link them.  Check your data to see if there are other fields that can be used to associate a processName with its cpu_load_percent.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-25-2022 05:27 AM

Please elaborate on "it doesn't work".  What results did you get and how did they not meet expectations?

---
If this reply helps you, Karma would be appreciated.
Reply

coolUsername
Explorer
‎08-25-2022 06:03 AM

coolUsername_0-1661431967314.png

this is what i get when i do the search, the value of cpu_user_percent is equal to zero, which is not normal but i its because the fields are not compatibles. I apologize for my bad english

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...