Splunk search for Windows Memory Usage Metrics
| mstats avg(_value) as avgValue WHERE metric_name="Memory.*" AND "index"="em_metrics" span=auto by metric_name, host
| eval avgValue=avgValue."host".host
| xyseries _time metric_name avgValue
| rename Memory.* as *, %* as *, */sec as *_per_sec
| foreach * [ | rex field=<<FIELD>> "(?P<<<FIELD>>>.+?)host(?P<host>.+)$" ]
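This Splunk search uses the mstats command to provide a very efficient search that returns memory utilization metrics for Windows hosts over time. It is structured specifically to be useful as a KPI Base Search in Splunk ITSI: the eval appends the host name to each averaged value so that it is carried through the xyseries pivot, and the closing foreach/rex splits each field back into the metric value and a host field.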
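
The value/host packing that the eval and rex steps rely on, as an added Python example (not part of the original search): it round-trips constructed (value, host) rows and shows that the first capture group has to be lazy, because a greedy one splits at the last "host" in names such as dbhost1. The helper names and sample hosts are assumptions, and Python's re stands in for Splunk's rex.

```python
import re

# The search packs each value as "<avg>host<hostname>" before xyseries and
# splits it again afterwards. Python's re accepts the same (?P<name>...) syntax.
GREEDY = re.compile(r"(?P<value>.+)host(?P<host>.+)$")  # first group greedy
LAZY = re.compile(r"(?P<value>.+?)host(?P<host>.+)$")   # first group lazy


def pack(avg_value, host):
    """Mirror of: eval avgValue=avgValue."host".host"""
    return f"{avg_value}host{host}"


def unpack(packed, pattern):
    """Mirror of the rex step: return (value, host), or None if no match."""
    m = pattern.search(packed)
    return (m.group("value"), m.group("host")) if m else None


def round_trip_failures(rows, pattern):
    """Return the rows whose (value, host) does not survive pack -> unpack."""
    failures = []
    for avg_value, host in rows:
        got = unpack(pack(avg_value, host), pattern)
        if got != (str(avg_value), host):
            failures.append(((avg_value, host), got))
    return failures


# Constructed sample rows (average value, host); not real telemetry.
SAMPLE_ROWS = [
    (61.25, "WIN-APP01"),
    (48.0, "localhost"),
    (73.5, "dbhost1"),
    (12.75, "vmhost-east-02"),
]

if __name__ == "__main__":
    for name, pattern in (("greedy", GREEDY), ("lazy", LAZY)):
        print(name, round_trip_failures(SAMPLE_ROWS, pattern))
```

A mis-split leaves a non-numeric string in the metric field and a truncated name in host, so KPI values for those hosts are silently attributed to the wrong entity.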