Re: How to create a report showing percentage CPU ...

idab · ‎08-27-2015

Hi guys,

I'm trying to create a bar chart that shows the min, avg, and max for five specific servers. The chart shows the whenever a server cpu/processor time crosses the threshold of 75 percent.?

I have an existing search I created below, but not coming along as planned.

(index =perfmon collection="*" Host="DS-*") index=perfmon counter="*" collection="*" Host!="ds-08"  Host!="ds-07"  Host!="DS-ME"  Host!="ds-mes" counter="*"  counter="% Processor Time" | bucket _time span=1m    avg(Value) AS AVG  min(Value) AS MIN max(Value) AS MAX by host | sort -host | eval AVG=round(AVG,2)   | eval MIN=round(MIN,2)   | eval MAX=round(MAX,2)

somesoni2 · ‎08-27-2015

Give this a try

(index =perfmon collection="*" Host="DS-*") index=perfmon counter="*" collection="*" Host!="ds-08"  Host!="ds-07"  Host!="DS-ME"  Host!="ds-mes" counter="*"  counter="% Processor Time" | bucket _time span=1m    | stats avg(Value) AS AVG  min(Value) AS MIN max(Value) AS MAX by host | sort -host | eval AVG=round(AVG,2)   | eval MIN=round(MIN,2)   | eval MAX=round(MAX,2) | where AVG>=75 OR MIN>=75 OR MAX>=75

idab · ‎08-27-2015

hi somesoni2,
Appreciate the feedback.Quick question:
Is there a way to show the raw values between the specified time span of 1m using the same search?

somesoni2 · ‎08-27-2015

How frequently you're perfmon input runs? If it runs every 60, they Avg, min or max will give raw values only.

idab · ‎09-02-2015

Hi somesoni2,
Thanks for the feedback.
Regarding your question "How frequently do you perfmon input runs?" - Not sure .I'm newbie on Splunk.Can you point me in the right direction to find that information?

PGrantham · ‎08-27-2015

It looks like you're missing a | stats/chart after the | bucket _time span=1m

Not sure if that was just a copy-paste error, but if not that would definitely cause a failure. 🙂

Also, I'm not sure I completely understand your question. Is the problem you're having that you aren't getting a chart as you would expect or is it that the chart is including cpu/processor times prior to crossing the 75% threshold or something else?

idab · ‎08-27-2015

hi somesoni2,

Thanks for the feedback.
Yes, as you asked : not getting the chart I want- The picture I have below is my thoughts.Hopefully, I don't need d3 to do this. 🙂

http://answers.splunk.com/storage/temp/56223-idea.jpg

PGrantham · ‎08-27-2015

It sounds like you're wanting to use the "Marker Gauge" visualization.

Once you've run your search, try selecting the "Visualization" tab then selecting the far left dropdown underneath the tab. Choose "Marker Gauge", then select the "Format" dropdown, select "Color Ranges", then "Manual". There you should be able to adjust the thresholds however you like.

Depending on your Splunk version you should be able to create the same visualization on a dashboard panel.

idab · ‎08-27-2015

Hi PGrantham,

The Marker Gauge might be an option but just wondering how you would display the cpu time for each server with the data?

https://answers.splunk.com/storage/temp/56224-marker-gauge.jpg

idab · ‎08-27-2015

https://answers.splunk.com/storage/temp/56224-marker-gauge.jpg

How to create a report showing percentage CPU usage for multiple servers?

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!