Splunk Search

How to generate a search to find the average Splunk CPU and Memory usage for 24 hours?

Path Finder

Hi All,

I want to get the Splunk average CPU and memory usage for 24 hours using a search. Can you please help in building the search?

0 Karma
1 Solution

Explorer

Go under index=introspection and sourcetype=splunkresourceusage, you will find all necessary fields required to calculate CPU and memory (data.memused) and (data.pct_cpu) and then you can just plot chart command with an average value of those 2 fields for CPU and memory over last 24 hours

View solution in original post

Explorer

Go under index=introspection and sourcetype=splunkresourceusage, you will find all necessary fields required to calculate CPU and memory (data.memused) and (data.pct_cpu) and then you can just plot chart command with an average value of those 2 fields for CPU and memory over last 24 hours

View solution in original post

SplunkTrust
SplunkTrust

Have you looked at Monitoring Console or Distributed Management Console (Settings > Monitoring Console) in Splunk? It should give you access to CPU Memory and Disk usage stats with various aggregates.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

Path Finder

@niketnilay, yes, but in that it is showing showing CPU and Memory usage with various components and with various services and as per my requirement i want single value(avg) in percentage for CPU and Memory usage for 24 hours , which covers all other sub processes and components

0 Karma

SplunkTrust
SplunkTrust

@nnimbe... Are you looking at Resource Usage : Machine?

`dmc_set_index_introspection` host=<YourSplunkServerName> sourcetype=splunk_resource_usage component=Hostwide
| `dmc_timechart` Avg(data.cpu_system_pct) AS "system" 
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

Path Finder

@niketnilay , thanks but this query is not working in normal search and reporting app

and in distributed management console it is providing the output but the results are of for every 5 minute one value is coming

in our environment we have installed splunk on one server, my requirement is , i want average value of the CPU and Memory usage(single value) of that server in which splunk is installed for 24 hours,

for Example: if the total is 100%(CPU or Memory) how much utilization is happened on last 24 hours(avg), like 80% or
if physical memory is 30GB how much utilization is happened on last 24 hours(avg) , like 25 GB

like this the output is expected since we want single avg value because we want to include it in health check report

0 Karma

SplunkTrust
SplunkTrust

is it windows or linux?
you can just monitor the OS for cpu and mem performance. here is an example for windows checking memory index = perfmon source="Perfmon:Process" process_name=splunkd | timechart span=5m max(process_mem_used)

0 Karma