Hi All, i am using below search to monitor a status of process based on PID and usage we have tried by stopping the service ,PID got changed how we can determine when it stopped, when using below...
See more...
Hi All, i am using below search to monitor a status of process based on PID and usage we have tried by stopping the service ,PID got changed how we can determine when it stopped, when using below search not getting OLD PID in the table, which was showing latest how can modify index=Test1 host="testserver" (source=ps COMMAND=*cybAgent*) | stats latest(cpu_load_percent) as "CPU %", latest(PercentMemory) as "MEM %", latest(RSZ_KB) as "Resident Memory (KB)", latest(VSZ_KB) as "Virtual Memory (KB)",latest(PID) as "PID" ,latest(host) as "host" by COMMAND | eval Process_Status = case(isnotnull('CPU %') AND isnotnull('MEM %'), "Running", isnull('CPU %') AND isnull('MEM %'), "Not Running", 1=1, "Unknown") | table host,"CPU %", "MEM %", "Resident Memory (KB)", "Virtual Memory (KB)", Process_Status,COMMAND,PID | eval Process_Status = coalesce(Process_Status, "Unknown") | rename "CPU %" as "CPU %", "MEM %" as "MEM %" | fillnull value="N/A"