Solved: How can I find the average memory utilization for ...

sy43165 · ‎02-19-2015

This is a tough problem to even describe but I’ll give it a shot. I have an index that contains machine performance data for users and the machines they log onto. The data in the index is summarized into 1 hour increments. I would like to use the cpu_mhz_used field to find the busiest eight hours per user per day and then average the memory used for the time range chosen in the time picker. Said another way, I would like to find the average memory used for each user for the busiest eight hours of each day. Each user should have a maximum of eight busiest hours per day, even if they login to multiple machines.

Here is a small subset of the data.

_time user_name machine_name cpu_mhz_used memory_used
01/14/2015 13:30 user1 machine1 343 2707.604492
01/14/2015 14:30 user1 machine1 384 2711.213867
01/14/2015 15:30 user1 machine2 365 2001.279297
01/14/2015 15:30 user1 machine1 365 2736.143555
01/14/2015 16:30 user1 machine2 252 2209.796875
01/14/2015 16:30 user1 machine1 378 2734.118164
01/14/2015 17:30 user1 machine2 265 2239.34668
01/14/2015 17:30 user1 machine1 352 2746.083984

sy43165 · ‎02-19-2015

Ok, I think I figured it out with the help of this answer to get me on the right track.
http://answers.splunk.com/answers/177149/how-to-get-1st-2nd-and-3rd-place-results-based-on.html

View solution in original post

sy43165 · ‎02-19-2015

Ok, I think I figured it out with the help of this answer to get me on the right track.
http://answers.splunk.com/answers/177149/how-to-get-1st-2nd-and-3rd-place-results-based-on.html

How can I find the average memory utilization for busiest eight hours based on CPU utilization

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...