Solved: Re: How to display load average values in a chart?

rajgowd1 · ‎01-19-2017

Hi,
i have written script which extracts the load average values and provides the output.by using below output, how can we create charts to display load average?

gokadroid · ‎01-19-2017

Since there is no time given in the sample so I will guess it. Let's say if load averages are being calculated at discrete intervals, i.e. the 15 min average does not have data included from the 5 minute average, and 5 minute average doesn't have 1 minute average in it, then if each "output" line is a single event the intuitive graph that becomes is:

index=yourIndex sourcetype=yourSourcetype loadaverage
| rex "value=\"(?<loadAvg>[^\"]+)\""
| timechart max(loadAvg) as LoadAvg

From the visualization options choose Format >> General >> Null Values as Connect to ensure the average stays continuous in case of missing values . That shall form the basic timechart at least to start off. Alternatively you can use min function in timechart.

View solution in original post

gokadroid · ‎01-19-2017

Since there is no time given in the sample so I will guess it. Let's say if load averages are being calculated at discrete intervals, i.e. the 15 min average does not have data included from the 5 minute average, and 5 minute average doesn't have 1 minute average in it, then if each "output" line is a single event the intuitive graph that becomes is:

index=yourIndex sourcetype=yourSourcetype loadaverage
| rex "value=\"(?<loadAvg>[^\"]+)\""
| timechart max(loadAvg) as LoadAvg

From the visualization options choose Format >> General >> Null Values as Connect to ensure the average stays continuous in case of missing values . That shall form the basic timechart at least to start off. Alternatively you can use min function in timechart.

rajgowd1 · ‎01-19-2017

thank you for your response.

rajgowd1 · ‎01-19-2017

can we show values in single line like below

0.00,0.20,10.00

gokadroid · ‎01-19-2017

you might want to explore the transpose option, something like:

index=yourIndex sourcetype=yourSourcetype loadaverage
| rex "value=\"(?<loadAvg>[^\"]+)\""
| table loadAvg
| transpose

somesoni2 · ‎01-19-2017

YOu may be missing the output that you wanted to show.

rajgowd1 · ‎01-19-2017

somehow i am not able to copy entire output,i copied single line
but here is the last column from the out put

name="loadaverage|last1min" value="0.00"
name="loadaverage|last5min" value="0.34"/>
name="loadaverage|last15min" value="5.00"/>

rajgowd1 · ‎01-19-2017

sorry here is the output

system time="Thu Jan 19 20:24:50 2017" HostName ="gpd-653-fc88" Days ="76" Users ="2" name="loadaverage|last1min" value="0.00"/>

How to display load average values in a chart?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation