
.NET CLR Memory -> # Bytes in all Heaps Performance Counter

vighneshtrivedi
New Member

We have a Splunk Enterprise license in our client network. Here we can see a chart of Private Bytes for all processes over a 24-hour time range. We want to add a similar chart showing # Bytes in all Heaps from the .NET CLR Memory performance counter category.

I am looking for source code for this requirement in query -> search element format, where we would provide instances, index, sourcetype, and an eval formula for the # Bytes in all Heaps performance counter, which we can show for all valid processes.

Would anyone please guide me on this?

0 Karma

Richfez
SplunkTrust

Some partial answers below, but first a short aside:

Please don't take this the wrong way. We love getting asked questions, but your exact question and the way you asked it - you do realize we're a bunch of volunteers spending our own time helping other people figure out how to accomplish certain goals in Splunk, don't you? We're here because we like to help, but there's a limit to how much effort we can usually expend on any one question, and this question seems a lot like you don't want to put in any effort on your own to solve this but just want a possibly large and complex answer handed to you.

I COULD BE WRONG! In which case please accept my apologies! Sometimes language barriers make things sound like they are not.

I have some tips/tricks/pointers below, hopefully they'll help you. But if you want more/better help, this is really probably three questions all in one - I'd work on each of the below and put some effort in, then if you need help with it ask one at a time.

1) "I have some data, I need to know how to find out if I have some other, similar data".
-- You'll have to give us the searches that run, maybe we can help steer you to that other data, maybe not - we don't know your environment. You can find the searches underneath the existing dashboards by either clicking the little magnifying glass that shows up when you mouse-over it, or by editing the dashboard and editing it that way. You may not even HAVE that data in and will have to go collect it from the source systems. That would be a whole different question.

2) "I need to then display that data in such and such a way".
-- Show us what you have and what you need. Explain what you have tried so far, what worked and what didn't, what parts can't you figure out? That's going to get you a great answer, I'm sure. It's a second step that might be long after you start the search for the data. But, lucky you, you have a template in the dashboard already, so this shouldn't be too hard - make a copy of the old search and visualization, then adjust it to use the new data you found in 1 above. If you get stuck here, then a new question with specifics would probably get you great responses.

3) "I also need "
-- It sounds like your needs are for a lot of documentation that frankly no one here would write up for you for free. You could pay Splunk Professional Services a ton of money per week for this, or there are other consultants here who would probably be happy to do something like this for the day or so it would take, for ... well, they're not free or even cheap either.

Now, that all having been said, where I'd start is this:

Get the data in
Your best option is to ask whoever set up the other inputs that gets the all process Private Bytes to help you set this up too. They can help you get the new data in, or find the data you already have.

You can use a perfmon input directly from a Windows UF installed on the machine you want to monitor. You can use the previous option in conjunction with the Splunk app for Windows Infrastructure. These can either be as regular events, or as metrics. Google, DuckDuckGo or even Bing can help you here - they should all lead you back to answers posts (like this one), or better yet to Splunk's official documentation (which is awesome stuff!), sometimes to blogs by a handful of us or by Splunkers. But in all cases, read the answers, think if it applies or might help, and try them out.

Find it
Once you have the data being ingested, it sounds a lot like you'd be helped with:
The Free Splunk Fundamental e-learning course.
The Splunk tutorial.
Then it's just poking around in the docs in whatever section you are still having difficulties with.

Don't short the tutorial and fundamentals 1 e-learning, it's how you learn how to work Splunk which is what I think will be most effective for you.

I'm sorry this isn't probably the answer you were looking for, but if you break it up into the three pieces I outlined above, and make a serious attempt to figure out each before posting a question to ask about this or that little piece you can't figure out, I think you'll get a much better set of responses. We really, really love it when a questioner tries hard to solve their own problems and we'll bend over backwards to help them, but if they just ask for big answers handed to them on a sterling silver plate, well, then you get answers like this one.

Happy Splunking!
-Rich

0 Karma
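As an added illustration that is not part of either post above: a Simple XML panel in the query -> search element form the question asks about, charting # Bytes in all Heaps per process over 24 hours. The index name `perfmon` and the stanza name `CLRMemory` (which yields sourcetype `Perfmon:CLRMemory`) are assumptions; substitute whatever your existing Private Bytes input uses.

```xml
<!--
  Assumed forwarder input (inputs.conf on the Windows UF). Stanza name and
  index are placeholders chosen for this example:

    [perfmon://CLRMemory]
    object = .NET CLR Memory
    counters = # Bytes in all Heaps
    instances = *
    interval = 60
    index = perfmon
    disabled = 0

  Perfmon events carry the fields object, counter, instance and Value.
-->
<dashboard>
  <label>.NET CLR heap size by process</label>
  <row>
    <panel>
      <chart>
        <title># Bytes in all Heaps (last 24 hours)</title>
        <search>
          <!-- _Global_ is the counter's aggregate instance across all
               managed processes; exclude it so it does not dwarf the
               per-process series. -->
          <query>index=perfmon sourcetype="Perfmon:CLRMemory" counter="# Bytes in all Heaps" instance!="_Global_"
| eval heap_mb = round(Value / 1024 / 1024, 1)
| timechart span=15m limit=20 useother=f avg(heap_mb) BY instance</query>
          <earliest>-24h@h</earliest>
          <latest>now</latest>
        </search>
        <option name="charting.chart">line</option>
        <option name="charting.axisTitleY.text">Heap size (MB)</option>
      </chart>
    </panel>
  </row>
</dashboard>
```

Only processes that load the .NET CLR appear as instances of this counter, so the series list will be shorter than the one on the Private Bytes chart.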