I have an assignment where the events under contents log measurements of disk usage of a Linux host.
read_ops | write_ops | read_KB | write_KB | servce_time | wait_time | device_bandwith_utilization(%) \ fields
The question is: what will the search query be here?
I need, for example, to make a search that makes a graph of the field device_bandwith_utilization over time:
What I am thinking will be the correct answer is the following:
index="main" host="linux" collection="device_bandwith_utilization"
|timechart values(collection), then choose the tab visualization
Does this seem correct to you guys?
I am not able to test this because these events are just on paper.