Splunk Search

How to display CPU stats by host, add all transactions from each server's logfile, and have that sum overlaying the CPU area graph?

rob3770
Explorer

I'm creating what at first seemed a simple search criteria, but here goes...
I have multiple servers and displaying CPU by host, but also scanning each server's log file for transaction numbers. I need to display the CPU stats by host, but add all the transactions and have that sum overlaying the CPU area graph.
Hope you're still with me and here is my code so far (sanitized)...

index=os OR index= (sourcetype=cpu OR sourcetype=)  host= source=/opt/ OR TXN="Elapsed time for this payment" | multikv fields pctSystem | timechart span=5m count(TXN) avg(pctSystem)

Cheers Splunkers

0 Karma

chimell
Motivator

Hi rob3770
Try this search code

host=* sourcetype=* TXN="Elapsed time for this payment" |transaction  CPU host  maxspan=7m  |timechart count(CPU) by host  span=5m

Enter in search bar and save it as dashboard , and go to visualisation app select area . For obtaining area graph.

0 Karma

rob3770
Explorer

Im now running this...

index=os OR index=wpg (sourcetype=cpu OR sourcetype=our_java) host=servername* "Elapsed time for this payment" NOT "HealthCheck" | transaction CPU host maxspan=7m | timechart count(cpu) by host span=5m

Thousands of Events are found and highlighted "Elapsed time for this payment" but the Statistics tab is showing zeros.
Sourcetype=cpu isnt found either, only Sourcetype=our_java.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...