i am trying to use the dashboard that sos app is supporting
when i click result i can get this search query
index=sos sourcetype="ps" host="SIS1-SERVER1"
| multikv
| eval type=case(like(ARGS, "%search%"),"searches",like(ARGS, "%root.py_%start%") OR like(COMMAND, "%splunkweb%") OR (like(COMMAND,"%python%") AND like(ARGS,"%appserver%")), "Splunk Web",like(ARGS,"%-p_%start%") OR (like(COMMAND,"%splunkd%") AND like(ARGS, "service")),"splunkd server")
| eval RSZ_MB=RSZ_KB/1024
| eval VSZ_MB=VSZ_KB/1024
| bin _time span=5s
| stats first(pctCPU) AS pctCPU, first(RSZ_MB) AS RSZ_MB, first(VSZ_MB) AS VSZ_MB first(type) AS type by PID _time
| stats sum(pctCPU) AS pctCPU, sum(RSZ_MB) AS RSZ_MB, sum(VSZ_MB) AS VSZ_MB by type, _time
| bin _time span=10s
| sistats avg(pctCPU), median(pctCPU), median(RSZ_MB), median(VSZ_MB) by type, _time
but! when i tried it in my own dashboard this didn't work like the app dashboard
what can i do
i tried timechart but the result was different .
... View more