I have a dashboard with avg CPU usage over 30 days, but now I want to break it down by timeframe, like:
• One window for 12am-8am, one window from 8am-4pm, one window from 4pm-12am
You can try something like this:
index=os sourcetype=cpu cpu=all
| eval pctBusy=100-pctIdle
| eval date_hour=strftime(_time,"%H")
| eval date=case(date_hour>=0 AND date_hour<8,"12am-8am",date_hour>=8 AND date_hour<16,"8am-4pm",date_hour>=16 AND date_hour<24,"4pm-12am")
| chart avg(pctBusy) as avg over host by date
| foreach 12am-8am 8am-4pm 4pm-12am
[ eval <<FIELD>>=round('<<FIELD>>')]
| sort by host
Let me know if this helps!
Hey shreyasathavale,
You can try this query below:
index=abc role=xyz sourcetype=cpu cpu=all|eval pctBusy=100-pctIdle|eval time=case(date_hour>0 AND date_hour<8,"slot1",date_hour>8 AND date_hour<16,"slot2",date_hour>16 AND date_hour<24,"slot3")|chart avg(pctBusy) by host,time|eval AvgCPU=round('avg(pctBusy)',2)|rename AvgCPU As "Average CPU" |fields host,"Average CPU","time"|sort by host
Hope this helps!!
This did not provide any result, sadly... but mayurr98's answer worked. Thanks again!!
Thanks a lot, mayurr98!!!
Can you provide the search query?
index=abc role=xyz sourcetype=cpu cpu=all|eval pctBusy=100-pctIdle|chart avg(pctBusy) by host|eval AvgCPU=round('avg(pctBusy)',2)|rename AvgCPU As "Average CPU" |fields host,"Average CPU"|sort by host
I have set earliest=-30d@d latest=now