@splunk_luis12 Try the below queries:
index=stats sourcetype=top
| rename "%MEM" as Memory "%CPU" as CPU "USER PID" as user
| stats avg(Memory) as Memory avg(CPU) as CPU by user
Show as timechart:
index=stats sourcetype=top
| rename "%MEM" as Memory "%CPU" as CPU "USER PID" as user
| timechart avg(Memory) as Memory avg(CPU) as CPU by user
Showing single value:
index=stats sourcetype=top
| rename "%MEM" as Memory "%CPU" as CPU "USER PID" as user
| stats avg(Memory) as Memory
index=stats sourcetype=top
| rename "%MEM" as Memory "%CPU" as CPU "USER PID" as user
| stats avg(CPU) as CPU
There are many more options to be explored.
Also if this reply helped you in solving your problem an up-vote would be appreciated 👍
