Solved: How to get the peak total memory usage splitt by d...

ajromero · ‎03-15-2023

Hi,

How can I make this search to display the peak by day

index=* sourcetype=Perfmon:Memory host=* |timechart span=7d | stats sparkline(avg(windows_mem_free)) as Trend avg(windows_mem_free) as Average, max(windows_mem_free) as Peak , latest(windows_mem_free) as Current, latest(_time) as "Last Updated" by host | convert ctime("Last Updated") | eval Peak=round((Peak)/1000,2) | eval Current=round((Current)/1000,2) | eval Average=round((Average)/1000,2)

Thank you,

ajromero · ‎03-16-2023

that worked but now I'm trying to convert the result to gigabytes

I tried this but it doesn't do it

| timechart span=1d max(windows_mem_free) as Peak by host |eval Peak=round((Peak/1024/1024/1024),2)

View solution in original post

ajromero · ‎03-16-2023

that worked but now I'm trying to convert the result to gigabytes

I tried this but it doesn't do it

| timechart span=1d max(windows_mem_free) as Peak by host |eval Peak=round((Peak/1024/1024/1024),2)

bowesmana · ‎03-15-2023

That search is not a valid search as the timechart has no aggregations

If you want to show peak of windows_mem_free by day, just do

index=* sourcetype=Perfmon:Memory host=*
| timechart span=1d max(windows_mem_free) as Peak by host

if you want to show it by host

How to get the peak total memory usage splitt by day

chart

eval

stats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation