- Splunk Answers
- :
- Using Splunk
- :
- Splunk Dev
- :
- Re: What is pctIdle in splunk index os?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
What is this field pctIdle which automatically gets extracted when we use multikv command?
Is it the avg cpu load?
Is it the percentage of time when CPU was idle?
If i need to calculate the CPU utilisation % of my 2 host, which query and sourcetype should i use from the below 2 queries?
1. index=os sourcetype=top host="host1" OR host="host2"
| timechart span=5m values(pctCPU) by host
2.index=os sourcetype=cpu host="host1" OR host="host2"
| eval Percent_CPU_Load = 100 - pctIdle
| timechart avg(Percent_CPU_Load) by host
Appreciate if someone can help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pctIdle or Percent Idle Time is percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request. Have a look at this to see a comparison of commands used : https://www.cyberciti.biz/tips/how-do-i-find-out-linux-cpu-utilization.html
If you need to calculate CPU utilisation % of hosts, use eval Percent_CPU_Usage = 100 - pctIdle , see Percent_CPU_Usage
On another note, do you have pctCPU field? As far as I have seen, the headers for CPU utilization are
CPU pctUser pctNice pctSystem pctIowait pctIdle
Which are
CPU : CPU number
%user: Percentage of CPU utilization that occurred while executing at the user level (application).
%nice: Percentage of CPU utilization that occurred while executing at the user level with nice priority.
%system: Percentage of CPU utilization that occurred while executing at the system level (kernel).
%iowait: Percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request.
%idle: Percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request.
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
pctIdle or Percent Idle Time is percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request. Have a look at this to see a comparison of commands used : https://www.cyberciti.biz/tips/how-do-i-find-out-linux-cpu-utilization.html
If you need to calculate CPU utilisation % of hosts, use eval Percent_CPU_Usage = 100 - pctIdle , see Percent_CPU_Usage
On another note, do you have pctCPU field? As far as I have seen, the headers for CPU utilization are
CPU pctUser pctNice pctSystem pctIowait pctIdle
Which are
CPU : CPU number
%user: Percentage of CPU utilization that occurred while executing at the user level (application).
%nice: Percentage of CPU utilization that occurred while executing at the user level with nice priority.
%system: Percentage of CPU utilization that occurred while executing at the system level (kernel).
%iowait: Percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request.
%idle: Percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request.
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Brilliant Thank you
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...
Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...
Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...
