This query will return results based on amount of available memory. I output it to a gauge, you’ll want to modify your gauge to show up red as it approaches zero.
sourcetype="Perfmon:Available Memory" | bucket _time span=1m | eval gigabytes=(((Value/1024)/1024)/1024) | eval GB=round(gigabytes, 2) | gauge GB
Alternatively try this. Thanks to kharris!
source=”Perfmon:Memory” counter=”Available Mbytes” | bucket _time span=1m | eval gigabytes=(Value/1024) | eval GB=round(gigabytes, 2) | gauge GB
You are the man, I have tried this for a few months and could not get it to give me the correct available memory. For some reason my memory counter is already in MB, so i changed part of it to work for me, thank you again :) !
source=”Perfmon:Memory” counter=”Available Mbytes” | bucket _time span=1m | eval gigabytes=(Value/1024) | eval GB=round(gigabytes, 2) | gauge GB
That’s great news….and funny, might have been a change in splunk versions or the CIM. Glad to hear it!!! :)
I’ll post your query as second option for anyone else who may run into this issue.
is there a % Memory Free counter available in the Windows performance data like is available within Linux?