Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to plot max system load against the actual load?

jackpal
Path Finder
‎07-03-2018 08:21 AM

I have the following simple query:

index=os sourcetype=vmstat tag=dcv-na | eval MaxLoad = 28  | timechart  max(loadAvg1mi) as LoadAvg,max(MaxLoad) as MaxLoad by host

This works well enough but when multiple hosts are involved its gets busy due to the fact that eval is a plot for each host. I'd like just one line across the chart showing the max value for all hosts. Similar to how the licensing reports work.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎07-03-2018 08:24 AM

Then lets create the maxLoad line after your time chart like this

index=os sourcetype=vmstat tag=dcv-na  | timechart max(loadAvg1mi) as LoadAvg by host| eval MaxLoad = 28

View solution in original post

0 Karma
Reply
Solved! Jump to solution

jackpal
Path Finder
‎07-03-2018 08:32 AM

Some more details are probably in order. In the 30 day license report there is a dotted line for "Stack Size" I would like the max value plot to stand out more.

0 Karma
Reply
Solved! Jump to solution

jackpal
Path Finder
‎07-03-2018 08:28 AM

Thanks. Is there a way to label that line on the chart as MaxLoad. I'd like to point on on the chart that this is the maximum.

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎07-03-2018 08:24 AM

Then lets create the maxLoad line after your time chart like this

index=os sourcetype=vmstat tag=dcv-na  | timechart max(loadAvg1mi) as LoadAvg by host| eval MaxLoad = 28
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...