timechart process of cpu usage of maximum PID

indeed_2000 · ‎07-14-2021

Hi
have log like below:
_time source cpu_load_percent process pctCPU cpuTIME PID
7/14/21 1:59:41.000 PM top 5.6 java 5.6 1:49.46 125353

here is my SPL
index="main" pctCPU="*" process="java" pctCPU>0

I have 3 java process that has uniq PID, Now I want to get timechart that show pctCPU of maximum PID.

Any idea?
Thanks

venkatasri · ‎07-14-2021

Can you try this?

index="main" pctCPU="*" process="java" pctCPU>0 
| timechart max(pctCPU) as max_cpu by PID

---

An upvote would be appreciated and Accept Solution if this reply helps!

indeed_2000 · ‎07-14-2021

Thank you for reply, no it's not work, I want maximum PID not pctCPU

I also try this but not work:

index="main" pctCPU="*" process="java" pctCPU>0
| timechart max(PID) as max_cpu by pctCPU

FYI: this work on real-time monitoring.

Any idea?

Thanks

Are you a member of the Splunk Community?