Solved: How to calculate max 3 cpu usage each day and when...

tarunmalhotra79 · ‎03-13-2020

The idea is to show up top 3 CPU Averages in a day for last 7 days.

Query Using:-
index=os sourcetype=ps host="Host1"
| timechart span=1h avg(pctCPU) as Avg_pctCPU

Here, I want to first sort the result and then using the limit command filter only top 3 results with maximum value for each day and then if i run the search for last 7 days then it should do the same thing and should give me the 21 results,

Top 3 results each day * 7 days. == Total 21 results

Thanks in advance

manjunathmeti · ‎03-13-2020

Hi @tarunmalhotra792,

Try this:

index=os sourcetype=ps host="Host1"
| timechart span=1h avg(pctCPU) as Avg_pctCPU
| bin _time span=1d
| top 3 Avg_pctCPU by _time

View solution in original post

manjunathmeti · ‎03-13-2020

Hi @tarunmalhotra792,

Try this:

index=os sourcetype=ps host="Host1"
| timechart span=1h avg(pctCPU) as Avg_pctCPU
| bin _time span=1d
| top 3 Avg_pctCPU by _time

tarunmalhotra79 · ‎03-13-2020

Thanks, It worked

How to calculate max 3 cpu usage each day and when ran for last 7 days, It should show 21 max CPU usage

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!