Solved: How to get the peak total memory usage splitt by d...

ajromero · ‎03-15-2023

Hi,

How can I make this search to display the peak by day

index=* sourcetype=Perfmon:Memory host=* |timechart span=7d | stats sparkline(avg(windows_mem_free)) as Trend avg(windows_mem_free) as Average, max(windows_mem_free) as Peak , latest(windows_mem_free) as Current, latest(_time) as "Last Updated" by host | convert ctime("Last Updated") | eval Peak=round((Peak)/1000,2) | eval Current=round((Current)/1000,2) | eval Average=round((Average)/1000,2)

Thank you,

ajromero · ‎03-16-2023

that worked but now I'm trying to convert the result to gigabytes

I tried this but it doesn't do it

| timechart span=1d max(windows_mem_free) as Peak by host |eval Peak=round((Peak/1024/1024/1024),2)

View solution in original post

ajromero · ‎03-16-2023

that worked but now I'm trying to convert the result to gigabytes

I tried this but it doesn't do it

| timechart span=1d max(windows_mem_free) as Peak by host |eval Peak=round((Peak/1024/1024/1024),2)

bowesmana · ‎03-15-2023

That search is not a valid search as the timechart has no aggregations

If you want to show peak of windows_mem_free by day, just do

index=* sourcetype=Perfmon:Memory host=*
| timechart span=1d max(windows_mem_free) as Peak by host

if you want to show it by host

How to get the peak total memory usage splitt by day

chart

eval

stats

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation