Splunk® Common Information Model Add-on

Common Information Model Add-on Manual

This documentation does not apply to the most recent version of Splunk® Common Information Model Add-on. For documentation on the most recent version, go to the latest release.

Performance

The fields in the Performance data model and event category describe performance tracking data. Tags used with the Performance event category
Object name(s) Tag name Required?
All_Performance performance YES
CPU cpu NO
Memory memory NO
Network network NO
OS os NO
Storage storage NO

Fields for the Performance event category

Object name(s) Field name Data type Description Possible values
All_Performance dest_bunit string These are derived fields provided by Asset and Identity correlation features of certain advanced applications like the Splunk App for Enterprise Security. They should be left blank when writing add-ons.
All_Performance dest_category string
All_Performance dest_should_timesync boolean
All_Performance dest_should_update boolean
All_Performance hypervisor_id string The ID of the virtualization hypervisor.
All_Performance dest string The system where the event occurred. May be aliased from more specific fields, such as dest_host, dest_ip, or dest_name.
CPU cpu_load_mhz int The amount of CPU load reported by the controller in megahertz.
CPU cpu_load_percent int The amount of CPU load reported by the controller in percentage points.
CPU cpu_time int The number of CPU seconds consumed by processes.
CPU cpu_user_percent int Percentage of CPU user time consumed by processes.
Memory mem int The total amount of memory capacity reported by the resource, in megabytes.
Memory mem_committed int The committed amount of memory reported by the resource, in megabytes.
Memory mem_free int The free amount of memory reported by the resource, in megabytes.
Memory mem_used int The used amount of memory reported by the resource, in megabytes.
Memory swap int The swap space size, in megabytes, if applicable.
Memory swap_free int The free swap space size, in megabytes, if applicable.
Memory swap_used int The used swap space size, in megabytes, if applicable.
Storage array string The array that the resource is a member of, if applicable.
Storage blocksize int Block size used by the storage resource, in kilobytes.
Storage cluster string The cluster that the resource is a member of, if applicable.
Storage fd_max int The maximum number of available file descriptors.
Storage fd_used int The current number of open file descriptors.
Storage latency int The latency reported by the resource, in milliseconds.
Storage mount string The mount point of a storage resource.
Storage parent string A generic indicator of hierarchy; for instance, a disk event might include the array id here.
Storage read_blocks string Number of blocks read.
Storage read_latency int Latency of read operations.
Storage read_ops int Number of read operations.
Storage storage int The total amount of storage capacity reported by the resource, in megabytes.
Storage storage_free int The free amount of storage capacity reported by the resource, in megabytes.
Storage storage_used int The used amount of storage capacity reported by the resource, in megabytes.
Storage storage_used_percent int The percentage of used storage capacity reported by the resource, in megabytes.
Storage write_blocks int Number of blocks written
Storage write_ops int Number of write operations
Network thruput int The current throughput reported by the service.
Network thruput_max int The maximum possible throughput reported by the service.
OS
Timesync
signature string The event description signature, if available.
OS
Timesync
action string The result of a time sync event. success, failure, unknown
OS
Uptime
uptime int The uptime of the compute resource, in seconds.
Last modified on 28 October, 2013
Network Traffic   Splunk Audit Logs

This documentation applies to the following versions of Splunk® Common Information Model Add-on: 3.0, 3.0.1, 3.0.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters