Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About pollockm
pollockm
Engager
Member since:
06-30-2014
06-05-2020
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 06-30-2014 |
Activity Feed
- Karma Re: Getting PS data into CPU/Hours units for somesoni2. 06-05-2020 12:47 AM
- Posted Re: *Nix App - Network Throughput Calculations on All Apps and Add-ons. 09-02-2014 12:03 PM
- Posted Re: Getting PS data into CPU/Hours units on Splunk Search. 08-26-2014 11:46 AM
- Posted Re: Getting PS data into CPU/Hours units on Splunk Search. 08-26-2014 10:24 AM
- Posted Re: Getting PS data into CPU/Hours units on Splunk Search. 08-26-2014 10:05 AM
- Posted Re: Getting PS data into CPU/Hours units on Splunk Search. 08-26-2014 09:06 AM
- Posted Getting PS data into CPU/Hours units on Splunk Search. 08-26-2014 08:12 AM
- Tagged Getting PS data into CPU/Hours units on Splunk Search. 08-26-2014 08:12 AM
- Tagged Getting PS data into CPU/Hours units on Splunk Search. 08-26-2014 08:12 AM
- Tagged Getting PS data into CPU/Hours units on Splunk Search. 08-26-2014 08:12 AM
- Posted Re: can't download from apps.splunk.com on All Apps and Add-ons. 06-30-2014 11:00 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
09-02-2014
12:03 PM
The two example above work great, but I'm wondering if someone could elaborate on part of them. In the Thrupart Chart statement, at the end there is eval(sum(RX_Thruput_KB)/dc(time)). I don't understand why you are dividing by dc(time). Does it have something to do with setting the span in the timechart?
... View more
08-26-2014
11:46 AM
Ok, thanks. I think I was making this harder than it was when I tried it.
... View more
08-26-2014
10:24 AM
Ah, ok. With that change then, I think this answer would give you to large a number. (ie. Say cpu.sh was run every 5 minutes and the core was pegged at 97%Idle all day. Each event would calculate CPU_Hours to be 3%*24/100 (which by itself is the right answer). But then it would add up those 288 events for the day to get that days value. The part I'm unsure of how to do is the figuring out of the time since the last event (that's why i thought streamstats might come into play).
... View more
08-26-2014
10:05 AM
If each of those rows is a core, why do you need to multiply the percent NOT idle by 8? (Also, I'm not sure the units of what you calculate would be CPU Hours.) I'm working on writing up a better example. Thanks for your answer though, it's helping me think through this.
... View more
08-26-2014
09:06 AM
If the total utilzation for the day was 5%, I guess it would be .5*192
... View more
08-26-2014
08:12 AM
I'm working to deploy Splunk in an HPC environment and am trying to set up some metrics queries that I didn't see in the Splunk for *nix app. Specifically I'd like have a timechart that show cpu utilization per day for the month where the units are CPU/Hours. (ie. 1 CPU with 8 cores has 192 CPU hours per day). I'm pretty sure I need to use streamstats to get the daily values, but I'm having trouble figuring out how to get the data into the units I want.
Thanks for your insight.
Edit #1: Here's a better example of the metric I'm trying to get.
Sample system: 16 total cores
CPU-Hours per day = 16(cores)*24(hours) = 384
So if cpu.sh gives you the PercentIdle for each core at that instant you'd need to take the
time that has passed since the last measurement for a core and multiply that by the current
PercentIdle and divide by 100.
Example:
event 1: core 0 97%Idle, core 1 98%Idle time 00:00:00
event 2: core 0 97%Idle, core 1 97%Idle time 00:01:00
for core 0:
(60sec*3%)/100 = 1.8 CPU-Seconds = .0005 CPU-Hours
You'd add these values up in 1 day time spans.
edit #2
I'd be okay with an answer like this (but actually worked, this is broke). I think I was making this more complicated than it needed to be.:
index=os sourcetype=cpu host=x | eval percent_used=(100-pctIdle)|stats avg(percent_used) AS cpu_avg_used by CPU | timechart span=1d sum(((cpu_avg_used*24)/100))
Still new to writing queries.
... View more
