- Splunk Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- How to calculate memory utilization with perfmon K...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to calculate memory utilization with perfmon KPI's ?
Hi I want to show avg memory utilization of windows servers using Perfom KPI's. Below are the perfmon kpi's avilable
Perfmon: Memory
Perfmon:Available Memory
How do i calculate.. Please help with the query
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Since Total Memory is a static number, you can go either the way, Below is the search, assumes you are pulling from Perfmon:
index=perfmon sourcetype=perfmon
object="Memory" (counter="Memory" OR counter="Available Memory")
| eval total=if(counter="Memory",Value,"NA")
| stats avg(Value) as avgAvailable latest(total) as total by object
| eval MemoryUtilization=round((total-avgAvailable)/total*100,1)
if memory is static value, you can put in your search as:
index=perfmon sourcetype="Perfmon" object="Memory" counter="Available Memory"
| eval total=6144
| stats avg(Value) as avgAvailable by object
| eval MemoryUtilization=round((total-avgAvailable)/total*100,1)
please accept it as an answer if you liked it 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This should work, how about if we have multiple hosts and each host has static value? Kindly help. Thank you.
Aside, is there a way to find the total memory via search query itself?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the response!
I see the search query is for 1 host. What should be done if I have multiple hosts which has different static memory allocated? being new to splunk I am kind of halt!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
index=perfmon sourcetype=perfmon
object="Memory" (counter="Memory" OR counter="Available Memory")
| eval total=if(counter="Memory",Value,"NA")
| stats avg(Value) as avgAvailable latest(total) as total by host object
| eval MemoryUtilization=round((total-avgAvailable)/total*100,1)
Adding host to by clause of stats should be sufficient.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe answer satisfy both questions. However, feel free to explain your question further.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try that:
index = * sourcetype="Perfmon:Memory" counter="Available MBytes" | timechart avg(Value) by host
hope it helps
Adoption of RUM and APM at Splunk
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
