I have an inputlookup file (.csv file). It has column A with list of host names and column B with list of domain names; One domain might contain (map to) several hosts. And different hosts map to several domains. Kind of one to many mapping for both hosts & domains.
I want to find out highest % of CPU utilized by the domain at a every 15minutes interval. Also I want to find highest % of Memory utilized by the domain at a every 15minutes interval. Just fyi, I am trying to push this data to influxDB via influx connect app on splunk by setting up splunk jobs.
for example, domain A is hosted on the hosts 1,2,3,4,5,6,7 and domain B is hosted on 11,12,13,14,15. If I want top 1 percentage utilization of CPU by domain A & B, I want the table result to be displayed with details "timestamp , on which host our of 7 hosts domain A is utilizing highest % cpu" ; same for memory % utilization.
at time range of 15minutes:-
Query should result output table like this=
time host domain val_%CPU_used
1508408100000 4 A 70
1508409500000 3 A 60
1508412100000 12 B 50
My another output for memory should be like this:
time host domain val_%Memory_Used
1508408100000 3 A 40
1508408100000 4 A 75
1508409500000 3 A 61
1508412100000 12 B 50
1508426100000 12 B 20
In other words, at same timestamp let's say at 1508426100000 , if domain A running on hosts 1,2,3,4,5,6,7 is utilizing different percentages of CPU on those hosts , I want the highest percentage CPU utilization value to be displayed in the result table for domain A at 1508426100000 timestamp. Want the Same for memory output as well.
Could someone suggest a query to accomplish this, please?
Appreciate quick help, please!!
↧