Splunk search for CPU Utilization on Windows Servers

Copy
| mstats avg(_value) as avgValue WHERE metric_name="Processor.%_Processor_Time" OR metric_name="Processor.%_Idle_Time" AND "index"="em_metrics" span=auto by metric_name, host | eval avgValue=avgValue."host".host | xyseries _time metric_name avgValue | rename Processor.%_* as perc_* | foreach perc_* [ | rex field=<<FIELD>> "(?P<<<FIELD>>>.+)host(?P<host>.+)$" ]
This Splunk search uses the mstats command to provide a very efficient search that will give CPU utilization metrics for Windows hosts over time. This particular search is crafted in a very particular way to be useful as a KPI Base Search in Splunk ITSI.
0 comments

Category:

Windows


Tags:

mstats metrics windows Resource Utilization ITSI KPI Base Search

Search Commands:

Sign in or Register to submit a comment