Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

free vs. used visualization ideas?

Justin_Grant
Contributor
‎07-17-2010 03:51 AM

I'd like to chart free memory vs. used memory over time on the same Splunk dashboard module. I'm trying to figure out a good visualization to use.

This sounds like a pretty common charting use-case. Splunk experts: how have you visualized free vs. used metrics in your own reports, and what Splunk commands did you use to create that visualization?

Tags (1)
Reply

Stephen_Sorkin
Splunk Employee
Splunk Employee
‎08-17-2010 05:29 PM

I typically use a stacked area or column chart to represent free vs. used quantities. This is because together the free+used should equal the total in the system. Of course, in some metrics, the OS itself will take a slice that's either unreported or reported as buffers/cached. If you want to preserve the relative usage regardless of system usage, you can switch from an ordinary stacked chart to a 100% stacked chart.

Assuming that you have two fields in your time-series data, one for free and one for used, you can just use timechart: ... | timechart median(free) median(used). If you want to look at extremal behavior, use min(free) and max(used).

Reply
Get Updates on the Splunk Community!

Splunk Platform | Upgrading your Splunk Deployment to Python 3.9

Splunk initially announced the removal of Python 2 during the release of Splunk Enterprise 8.0.0, aiming to ...

From Product Design to User Insights: Boosting App Developer Identity on Splunkbase

co-authored by Yiyun Zhu & Dan Hosaka Engaging with the Community at .conf24 At .conf24, we revitalized the ...

Detect and Resolve Issues in a Kubernetes Environment

We’ve gone through common problems one can encounter in a Kubernetes environment, their impacts, and the ...