Hi Splunkers,
I am still a beginner, trying to write a query to fetch splunk heavy forwarder's cpu, memory usage and other hardware related stuff. With the below query i am not able to fetch the correct values for Heavy forwarders(see below results). So, could anyone please help me to resolve this issue.
Query: `internal` host=*spi* source="/opt/splunk/var/log/splunk/metrics.log" fwdType=full | dedup hostname | table hostname | join type=left [search index = * sourcetype=nix:hardware host=* | rex mode=sed "s/\s\s+/=/g" | extract kvdelim="=" pairdelim="\n" ] |table hostname,CPU_TYPE,CPU_COUNT,MEMORY_REAL
Results: Same values being replicated for all Hfs which is incorrect
Host CPU_TYPE CPU_COUNT MEMORY_REAL
HF 1 Intel(R) Xeon(R) @ 2.70GHz 12 24504164 kB
HF 2 Intel(R) Xeon(R) @2.70GHz 12 24504164 kB
HF 3 Intel(R) Xeon(R) @2.70GHz 12 24504164 kB
HF n Intel(R) Xeon(R) @ 2.70GHz 12 24504164 kB
↧