Splunk Search

Measure Memory Available_Bytes using sai_metrics_indexes but within a time range



I am trying to find out if it is possible to measure Memory Available using the sai_metrics_indexes. More details of the requirement are below:

I have a process which starts and then runs for quite some time. I am able to get the start time and end time of that process run using the below query:

index=test sourcetype="test:node" "processStart()" OR "processEnd()"
| stats earliest(_time) AS Earliest, latest(_time) AS Latest
| eval diff=Latest-Earliest
| eval FirstEvent=strftime(Earliest,"%m/%d/%y %H:%M:%S")
| eval LastEvent=strftime(Latest,"%m/%d/%y %H:%M:%S")
| eval DiffEvent=strftime(diff,"%m/%d/%y %H:%M")
| eval temp = tostring(diff,"duration")
| eval NetTotalTime=replace(temp,"(\d*)\+*(\d+):(\d+):(\d+)","\1 days \2 hours \3 minutes \4 secs")
| rename FirstEvent as ProcessStart, LastEvent as ProcessEnd
| table ProcessStart, ProcessEnd, NetTotalTime

ProcessStart returned from the above query is: 08/11/20 06:01:46

ProcessEnd returned from the above query is: 08/11/20 11:35:09

Now, using this ProcessStart and ProcessEnd time, I want to find out my memory used and memory available during that time. In general, I use the below query to find out the memory available:

| mstats avg(_value) prestats=true WHERE metric_name="Memory.Available_Bytes" AND "index"="em_metrics" AND "host"="abc" AND `sai_metrics_indexes` span=10s
| timechart avg(_value) AS Avg span=10s
| fields - _span*

The problem with the above query is that it gives me the data according to the time range I specify in the time picker. Instead, I want to run this query within my ProcessStart and ProcessEnd.

Also, is it possible to use both queries in a single search so that I can generate a report from it?


Hope the question is clear. Looking forward to hearing from someone soon 😊

