Solved: How to get the peak total memory usage splitt by d...

ajromero · ‎03-15-2023

Hi,

How can I make this search to display the peak by day

index=* sourcetype=Perfmon:Memory host=* |timechart span=7d | stats sparkline(avg(windows_mem_free)) as Trend avg(windows_mem_free) as Average, max(windows_mem_free) as Peak , latest(windows_mem_free) as Current, latest(_time) as "Last Updated" by host | convert ctime("Last Updated") | eval Peak=round((Peak)/1000,2) | eval Current=round((Current)/1000,2) | eval Average=round((Average)/1000,2)

Thank you,

ajromero · ‎03-16-2023

that worked but now I'm trying to convert the result to gigabytes

I tried this but it doesn't do it

| timechart span=1d max(windows_mem_free) as Peak by host |eval Peak=round((Peak/1024/1024/1024),2)

View solution in original post

ajromero · ‎03-16-2023

that worked but now I'm trying to convert the result to gigabytes

I tried this but it doesn't do it

| timechart span=1d max(windows_mem_free) as Peak by host |eval Peak=round((Peak/1024/1024/1024),2)

bowesmana · ‎03-15-2023

That search is not a valid search as the timechart has no aggregations

If you want to show peak of windows_mem_free by day, just do

index=* sourcetype=Perfmon:Memory host=*
| timechart span=1d max(windows_mem_free) as Peak by host

if you want to show it by host

How to get the peak total memory usage splitt by day

chart

eval

stats

The All New Performance Insights for Splunk

Good Sourcetype Naming

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Are you a member of the Splunk Community?