index=abc search_name="abc_MEMORY_SUMMARY" |
lookup abc-environments host AS orig_host OUTPUT environment |
search orig_host=SomeSpecificServer| timechart span=1min avg(eval((Avg_MemoryKb/Total_MemoryKb)*100)) as Memory by orig_host limit=0 |
WHERE Memory > 90
This is my search; here I want to chart out the servers who have a memory consumption of over 90%, but the result is not satisfactory. I get almost every server with 50% memory consumption which is ideally not possible.
Also, I was wondering if I could create a lookup (without modifying my props.conf & transform.conf) and first list out the memory of all the hosts listed under my index? But I'm not sure if this is something achievable. Pardon me if this is something very simple. I am on my learning curve for SPLUNK. 🙂 Thank you for your time.
... View more