Solved: Re: get the peak total memory usage splitt by day

ajromero · ‎03-15-2023

Hi,

How can I make this search to display the peak by day

index=* sourcetype=Perfmon:Memory host=* |timechart span=7d | stats sparkline(avg(windows_mem_free)) as Trend avg(windows_mem_free) as Average, max(windows_mem_free) as Peak , latest(windows_mem_free) as Current, latest(_time) as "Last Updated" by host | convert ctime("Last Updated") | eval Peak=round((Peak)/1000,2) | eval Current=round((Current)/1000,2) | eval Average=round((Average)/1000,2)

Thank you,

ajromero · ‎03-16-2023

that worked but now I'm trying to convert the result to gigabytes

I tried this but it doesn't do it

| timechart span=1d max(windows_mem_free) as Peak by host |eval Peak=round((Peak/1024/1024/1024),2)

View solution in original post

ajromero · ‎03-16-2023

that worked but now I'm trying to convert the result to gigabytes

I tried this but it doesn't do it

| timechart span=1d max(windows_mem_free) as Peak by host |eval Peak=round((Peak/1024/1024/1024),2)

bowesmana · ‎03-15-2023

That search is not a valid search as the timechart has no aggregations

If you want to show peak of windows_mem_free by day, just do

index=* sourcetype=Perfmon:Memory host=*
| timechart span=1d max(windows_mem_free) as Peak by host

if you want to show it by host

How to get the peak total memory usage splitt by day

chart

eval

stats

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation