Solved: How to calculate max 3 cpu usage each day and when...

tarunmalhotra79 · ‎03-13-2020

The idea is to show up top 3 CPU Averages in a day for last 7 days.

Query Using:-
index=os sourcetype=ps host="Host1"
| timechart span=1h avg(pctCPU) as Avg_pctCPU

Here, I want to first sort the result and then using the limit command filter only top 3 results with maximum value for each day and then if i run the search for last 7 days then it should do the same thing and should give me the 21 results,

Top 3 results each day * 7 days. == Total 21 results

Thanks in advance

manjunathmeti · ‎03-13-2020

Hi @tarunmalhotra792,

Try this:

index=os sourcetype=ps host="Host1"
| timechart span=1h avg(pctCPU) as Avg_pctCPU
| bin _time span=1d
| top 3 Avg_pctCPU by _time

View solution in original post

manjunathmeti · ‎03-13-2020

Hi @tarunmalhotra792,

Try this:

index=os sourcetype=ps host="Host1"
| timechart span=1h avg(pctCPU) as Avg_pctCPU
| bin _time span=1d
| top 3 Avg_pctCPU by _time

tarunmalhotra79 · ‎03-13-2020

Thanks, It worked

How to calculate max 3 cpu usage each day and when ran for last 7 days, It should show 21 max CPU usage

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!