Splunk Search

How to generate a search to find the average Splunk CPU and Memory usage for 24 hours?

nnimbe
Path Finder

Hi All,

I want to get the Splunk average CPU and memory usage for 24 hours using a search. Can you please help in building the search?

0 Karma
1 Solution

swapsplunk
Explorer

Go under index=_introspection and sourcetype=splunk_resource_usage; you will find all the necessary fields required to calculate CPU and memory (data.mem_used) and (data.pct_cpu). Then you can just plot a chart command with an average value of those 2 fields for CPU and memory over the last 24 hours.

niketn
Legend

Have you looked at the Monitoring Console or Distributed Management Console (Settings > Monitoring Console) in Splunk? It should give you access to CPU, Memory and Disk usage stats with various aggregates.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

nnimbe
Path Finder

@niketnilay, yes, but that shows CPU and memory usage for various components and various services. As per my requirement, I want a single value (avg) in percentage for CPU and memory usage for 24 hours, which covers all other sub-processes and components.

0 Karma

niketn
Legend

@nnimbe... Are you looking at Resource Usage : Machine?

`dmc_set_index_introspection` host=<YourSplunkServerName> sourcetype=splunk_resource_usage component=Hostwide
| `dmc_timechart` Avg(data.cpu_system_pct) AS "system"

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

nnimbe
Path Finder

@niketnilay, thanks, but this query is not working in the normal Search and Reporting app.

In the Distributed Management Console it provides output, but the results come as one value for every 5 minutes.

In our environment we have installed Splunk on one server. My requirement is that I want the average value of the CPU and memory usage (a single value) for the server on which Splunk is installed, for 24 hours.

For example: if the total is 100% (CPU or memory), how much utilization happened in the last 24 hours (avg), like 80%; or
if physical memory is 30 GB, how much utilization happened in the last 24 hours (avg), like 25 GB.

This is the expected output, since we want a single avg value because we want to include it in a health check report.

0 Karma
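A search that returns the single 24-hour averages asked for above, built on the `_introspection` Hostwide events mentioned earlier in the thread (added example, not posted by any participant). It assumes the Hostwide fields `data.cpu_user_pct`, `data.mem` (total physical memory, MB) and `data.mem_used` (MB) are populated on the instance, and treats CPU usage as system plus user time; the output field names are illustrative.

```spl
index=_introspection sourcetype=splunk_resource_usage component=Hostwide host=<YourSplunkServerName> earliest=-24h latest=now
| eval cpu_used_pct = 'data.cpu_system_pct' + 'data.cpu_user_pct'
| eval mem_used_pct = 'data.mem_used' / 'data.mem' * 100
| stats avg(cpu_used_pct) AS avg_cpu_pct, avg(mem_used_pct) AS avg_mem_pct, avg(data.mem_used) AS avg_mem_used_mb, max(data.mem) AS mem_total_mb
| eval avg_cpu_pct = round(avg_cpu_pct, 2), avg_mem_pct = round(avg_mem_pct, 2), avg_mem_used_gb = round(avg_mem_used_mb / 1024, 2), mem_total_gb = round(mem_total_mb / 1024, 2)
| table avg_cpu_pct avg_mem_pct avg_mem_used_gb mem_total_gb
```

This runs in the Search and Reporting app because it uses the index and sourcetype directly instead of the `dmc_*` macros, and `stats` collapses the periodic samples into one row suitable for a health check report.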

adonio
Ultra Champion

Is it Windows or Linux?
You can just monitor the OS for CPU and memory performance. Here is an example for Windows checking memory:

index = perfmon source="Perfmon:Process" process_name=splunkd | timechart span=5m max(process_mem_used)

0 Karma

Supriya
Path Finder

@adonio @niketn 

Could you provide a stanza for [perfmon://Process] to receive process_mem_used?

 

0 Karma