Hi All,
I want to get the Splunk average CPU and memory usage for 24 hours using a search. Can you please help in building the search?
Go under index=_introspection and sourcetype=splunk_resource_usage, you will find all necessary fields required to calculate CPU and memory (data.mem_used) and (data.pct_cpu) and then you can just plot chart command with an average value of those 2 fields for CPU and memory over last 24 hours
Have you looked at Monitoring Console or Distributed Management Console (Settings > Monitoring Console) in Splunk? It should give you access to CPU, Memory and Disk usage stats with various aggregates.
@niketnilay, yes, but it is showing CPU and Memory usage for various components and various services, and as per my requirement I want a single value (avg) in percentage for CPU and Memory usage for 24 hours, which covers all other sub-processes and components.
@nnimbe... Are you looking at Resource Usage : Machine?
`dmc_set_index_introspection` host=<YourSplunkServerName> sourcetype=splunk_resource_usage component=Hostwide
| `dmc_timechart` Avg(data.cpu_system_pct) AS "system"
@niketnilay, thanks, but this query is not working in the normal Search and Reporting app,
and in the Distributed Management Console it provides output, but the results come as one value for every 5 minutes.
In our environment we have installed Splunk on one server. My requirement is that I want the average value of the CPU and Memory usage (a single value) of the server on which Splunk is installed, for 24 hours.
For example: if the total is 100% (CPU or Memory), how much utilization happened in the last 24 hours (avg), like 80%, or
if physical memory is 30 GB, how much utilization happened in the last 24 hours (avg), like 25 GB.
This is the expected output, since we want a single avg value because we want to include it in a health check report.
Is it Windows or Linux?
You can just monitor the OS for CPU and memory performance. Here is an example for Windows checking memory:
index=perfmon source="Perfmon:Process" process_name=splunkd | timechart span=5m max(process_mem_used)
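Added example, not part of any post in this thread: one way to collapse the Hostwide introspection samples discussed above into a single 24-hour average for CPU (percent) and memory (percent and GB), written without the Monitoring Console macros so it runs in the Search and Reporting app. It assumes the Hostwide events also carry `data.cpu_user_pct` and `data.mem` (total physical memory), and that `data.mem` and `data.mem_used` are reported in MB; `<YourSplunkServerName>` is the same placeholder used earlier in the thread.

```spl
index=_introspection sourcetype=splunk_resource_usage component=Hostwide host=<YourSplunkServerName> earliest=-24h latest=now
| eval cpu_pct = 'data.cpu_system_pct' + 'data.cpu_user_pct'
| eval mem_pct = 100 * 'data.mem_used' / 'data.mem'
| stats count AS samples
        avg(cpu_pct) AS avg_cpu_pct
        avg(mem_pct) AS avg_mem_pct
        avg(data.mem_used) AS avg_mem_used_mb
        max(data.mem) AS mem_total_mb
| eval avg_cpu_pct = round(avg_cpu_pct, 1),
       avg_mem_pct = round(avg_mem_pct, 1),
       avg_mem_used_gb = round(avg_mem_used_mb / 1024, 1),
       mem_total_gb = round(mem_total_mb / 1024, 1)
| fields samples avg_cpu_pct avg_mem_pct avg_mem_used_gb mem_total_gb
```

The `samples` column shows how many introspection events fed the average, which makes gaps in collection visible in a health check report; the figures cover the whole host, not only the Splunk processes.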