transpose to show percentage column and not count
Hi,
I have been trying to achieve splitting my series in Sumo-logic based on lets say for example the source name field while using transpose and timeslice, but no luck as I don't know what else other than count I can use to help me group/split my data by source.
Here is what I have so far:
......
| parse "source=* " as app
| parse "memory_quota=*MB" as total_memory
| parse "memory_rss=*MB" as used_rss_memory
| parse "memory_total=*MB" as used_total_memory
| parse "memory_cache=*MB" as cached_memory
| (used_total_memory/total_memory)*100 as memory_used
| timeslice 5m
| count by _timeslice, dyno, memory_used
What I need is to be able to sample at 5mins (i.e. like what I have above) then have a visualization that shows multi apps (i.e. multiple lines in my line chart, representing different apps) and my column is the the above "memory_used" field. In summary what I need is time vs percentage while my lines are representing different apps.
-
A few other aggregation operators that you may be able to use are min, max, and avg. So maybe something like the following will help get you the result you need?
| parse "source=* " as app
| parse "memory_quota=*MB" as total_memory
| parse "memory_rss=*MB" as used_rss_memory
| parse "memory_total=*MB" as used_total_memory
| parse "memory_cache=*MB" as cached_memory
| (used_total_memory/total_memory)*100 as memory_used
| timeslice 5m
| max(memory_used) as memory_used by app, _timeslice
| transpose row _timeslice column appThis should result in a time series chart with a line for each app percentage, based on the max percentage for each app within each 5 minute slice.
Please sign in to leave a comment.
Comments
1 comment