Solved: How to graph timechart of top 5 processes for the ...

vaishnavi07 · ‎08-27-2014

Hi All. If the user selects %_Processor_Time,then I need to show the graph for avg(%_Processor_Time) for top 5 processes that consumes %_Processor_Time. I got the top 5 processes using the search but unable to write the timechart command in the same query to display graph.

Ayn · ‎08-28-2014

Throw it all into a subsearch that returns the processes, then run your timechart command in the outer search:

index=winserver_process sourcetype="PerfmonMk:Process" NOT instance=Idle NOT instance=_Total host="ddweng09" [search index=winserver_process sourcetype="PerfmonMk:Process" NOT instance=Idle NOT instance=_Total host="ddweng09" | eval Process=upper(instance) | table Process %_Processor_Time | sort - %_Processor_Time | dedup Process | head 5 | fields Process] | timechart avg(%_Processor_Time) by Process

View solution in original post

Ayn · ‎08-28-2014

Throw it all into a subsearch that returns the processes, then run your timechart command in the outer search:

index=winserver_process sourcetype="PerfmonMk:Process" NOT instance=Idle NOT instance=_Total host="ddweng09" [search index=winserver_process sourcetype="PerfmonMk:Process" NOT instance=Idle NOT instance=_Total host="ddweng09" | eval Process=upper(instance) | table Process %_Processor_Time | sort - %_Processor_Time | dedup Process | head 5 | fields Process] | timechart avg(%_Processor_Time) by Process

vaishnavi07 · ‎09-02-2014

Thanks I used the same and its working.

vaishnavi07 · ‎08-27-2014

Can anyone please help me on this?

How to graph timechart of top 5 processes for the metric selected by the user?

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!