| rest splunk_server=local /services/server/info
| table splunk_server numberOfCores numberOfVirtualCores os_build physicalMemoryMB
| appendcols
[| rest splunk_server=local /services/server/status/partitions-space
| table splunk_server mount_point available capacity ]
| eval freeDiskGB=available/1024, totalDiskGB=capacity/1024
| table splunk_server numberOfCores numberOfVirtualCores os_build physicalMemoryMB mount_point freeDiskGB totalDiskGB
| addcoltotals freeDiskGB totalDiskGB
0 comments
[0]
[0]
[0]
[0]
index=_introspection component=Hostwide | bin _time span=1d | stats values(data.splunk_version) by _time, host
0 comments
[1]
[0]
[1]
[0]
index=_introspection sourcetype=splunk_resource_usage component=PerProcess host=*
| eval process = 'data.process', args = 'data.args', sid = 'data.search_props.sid', elapsed = 'data.elapsed', mem_used = 'data.mem_used', mem = 'data.mem', pct_memory = 'data.pct_memory', app = 'data.search_props.app', type = 'data.search_props.type', mode = 'data.search_props.mode', user = 'data.search_props.user', role = 'data.search_props.role', process_class = case( process=="splunk-optimize","index service", process=="sh" OR process=="ksh" OR process=="bash" OR like(process,"python%") OR process=="powershell","scripted input", process=="mongod", "KVStore"), process_class = case( process=="splunkd" AND (like(args,"-p %start%") OR like(args,"service")),"splunkd server", process=="splunkd" AND isnotnull(sid),"search", process=="splunkd" AND (like(args,"fsck%") OR like(args,"recover-metadata%") OR like(args,"cluster_thing")),"index service", process=="splunkd" AND args=="instrument-resource-usage", "scripted input", (like(process,"python%") AND like(args,"%/appserver/mrsparkle/root.py%")) OR like(process,"splunkweb"),"Splunk Web", isnotnull(process_class), process_class), process_class = if(isnull(process_class),"other",process_class)
| stats latest(data.mem_used) AS resource_usage_dedup latest(process_class) AS process_class by data.pid, _time
| stats sum(resource_usage_dedup) AS resource_usage by _time, process_class
| timechart minspan=10s median(resource_usage) AS "Resource Usage" by process_class
0 comments
[0]
[0]
[0]
[0]
index="_introspection" "data.process"=splunkd | timechart max(data.mem_used) as "Memory Used" by data.search_props.sid usenull=f useother=f
0 comments
[0]
[0]
[0]
[0]