The following Splunk search uses timechart to show memory usage on a Linux machine over a period of time:
index=os sourcetype=top pctMEM=* | transaction host _time | streamstats window=1 global=f sum(pctMEM) as MEM | timechart latest(MEM) by host
That's too heavy, why not use vmstat?
index=os sourcetype=vmstat | timechart avg(memUsedPct) as "Memory Used %" by host