All,
So trying to make a quick tag to discover command OS metric issues. Basically I want a tag called tag=osproblem
I want it to return hosts that -
90% or higher CPU, RAM
90% disk space used
Any swap being used
Here is the start of my work. Just want to make sure there is not a smarter way of doing this before I commit to this approach -
tag=os pctCPU=* OR pctMEM=* | where pctCPU>90 OR pctMEM>90
It doesn't appear that I can use "where" in a eventtype. Any idea how I could attack this?
↧