Display Highest Average Trends over time
Hi,
I am trying to create a query such that I find the 5 containers with the highest average cpu usage, then display their cpu usage over time. I can easily find the containers with the highest average, or even display the top 5 containers with the highest cpu usage per timeslice, but I am not sure how to do both together. The problem with displaying the top 5 per timeslice is that it often ends up displaying many more than 5 containers since the highest will vary per timeslice, instead of limiting to 5 series being displayed.
I hope this question makes sense and that this is possible.
Thanks
Official comment
It is easily feasible with the latest addition of the new filter operator, which internally fires another query.
We can leverage the filter operator for finding the top 5 containers with the highest average CPU usage and categorize only the top 5 prompted containers.
Potential Query:
searchExpression | parse "cpuUsage=*," as cpuUsage
| timeslice 5m | avg(cpuUsage) as avgCpuUsage by container,_timeslice
| filter container in ( avg(avgCpuUsage) as avgCpu by container | top 5 container by avgCpu)
| transpose row _timeslice column container
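The two-stage logic of the query above, modelled in Python as an added example (not part of the original thread and not Sumo Logic's implementation): average per timeslice, rank containers by the average of those averages, then keep only the ranked series. The log line format, container names and values are constructed, and it uses top 2 of 3 containers to keep the data small.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample messages; the "container=" field layout is an assumption.
LOGS = """\
2024-01-01T00:00:10 container=web cpuUsage=70, status=ok
2024-01-01T00:02:00 container=web cpuUsage=90, status=ok
2024-01-01T00:01:00 container=db cpuUsage=60, status=ok
2024-01-01T00:01:30 container=batch cpuUsage=10, status=ok
2024-01-01T00:06:00 container=web cpuUsage=70, status=ok
2024-01-01T00:06:10 container=db cpuUsage=20, status=ok
2024-01-01T00:07:00 container=batch cpuUsage=90, status=ok
2024-01-01T00:11:00 container=web cpuUsage=75, status=ok
2024-01-01T00:12:00 container=db cpuUsage=65, status=ok
2024-01-01T00:13:00 container=batch cpuUsage=5, status=ok
"""
LINE = re.compile(r"^(\S+) container=(\S+) cpuUsage=([\d.]+),", re.M)

def slice_averages(text, minutes=5):
    """timeslice 5m | avg(cpuUsage) as avgCpuUsage by container, _timeslice"""
    samples = defaultdict(list)
    for stamp, container, cpu in LINE.findall(text):
        ts = datetime.fromisoformat(stamp)
        bucket = ts.replace(minute=ts.minute - ts.minute % minutes, second=0)
        samples[(container, bucket.strftime("%H:%M"))].append(float(cpu))
    return {k: sum(v) / len(v) for k, v in samples.items()}

def top_overall(avgs, n):
    """Subquery: avg(avgCpuUsage) as avgCpu by container | top n container by avgCpu"""
    per_container = defaultdict(list)
    for (container, _), value in avgs.items():
        per_container[container].append(value)
    means = {c: sum(v) / len(v) for c, v in per_container.items()}
    return sorted(means, key=means.get, reverse=True)[:n]

def top_per_slice(avgs, n):
    """The approach from the question: top n inside every timeslice."""
    rows = defaultdict(dict)
    for (container, ts), value in avgs.items():
        rows[ts][container] = value
    return {c for r in rows.values() for c in sorted(r, key=r.get, reverse=True)[:n]}

def transpose(avgs, keep):
    """filter container in (...) | transpose row _timeslice column container"""
    table = defaultdict(dict)
    for (container, ts), value in avgs.items():
        if container in keep:
            table[ts][container] = value
    return dict(sorted(table.items()))
```

With this data, ranking inside each timeslice yields three distinct containers for n=2, while the subquery approach pins the output to exactly two series across all timeslices.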
Hey Garrett,
Would this example help you with what you're trying to achieve?
https://support.sumologic.com/hc/en-us/community/posts/115007966748-Top-10-IP-Addresses-by-Timeslice
Cheers,
Mario