I have this query that I've lightly changed from the winfra app, but I want to add a PID into it, which would come from the second query. I'm having trouble figuring out how to get this done.
eventtype="perfmon_windows" (Host="SERVER" ) Host="*" object="Process" counter="% Processor Time" instance="coldfusion*" AND NOT instance="coldfusions*" | stats sparkline(avg(Value)) as Trend avg(Value) as Average, max(Value) as Peak, latest(Value) as Current, latest(_time) as "Last Updated" by instance | convert ctime("Last Updated") | sort - Current | eval Average=round(Average, 2) | eval Peak=round(Peak, 2) | eval Current=round(Current, 2)
Then there's this one, which has the value of the PID:
eventtype="perfmon_windows" (Host="SERVER" ) object="Process" instance="coldfusion*" AND NOT instance="coldfusions*" counter="ID Process" |table Value
When I use a JOIN I get far too many columns back.