Performance

The fields in the Performance data model and event category describe performance tracking data. Tags used with the Performance event category

Object name(s)	Tag name	Required?
All_Performance	performance	YES
CPU	cpu	NO
Memory	memory	NO
Network	network	NO
OS	os	NO
Storage	storage	NO

Fields for the Performance event category

Object name(s)	Field name	Data type	Description	Possible values
All_Performance	`dest_bunit`	string	These are derived fields provided by Asset and Identity correlation features of certain advanced applications like the Splunk App for Enterprise Security. They should be left blank when writing add-ons.
All_Performance	`dest_category`	string
All_Performance	`dest_should_timesync`	boolean
All_Performance	`dest_should_update`	boolean
All_Performance	`hypervisor_id`	string	The ID of the virtualization hypervisor.
All_Performance	`dest`	string	The system where the event occurred. May be aliased from more specific fields, such as `dest_host`, `dest_ip`, or `dest_name`.
CPU	`cpu_load_mhz`	int	The amount of CPU load reported by the controller in megahertz.
CPU	`cpu_load_percent`	int	The amount of CPU load reported by the controller in percentage points.
CPU	`cpu_time`	int	The number of CPU seconds consumed by processes.
CPU	`cpu_user_percent`	int	Percentage of CPU user time consumed by processes.
Memory	`mem`	int	The total amount of memory capacity reported by the resource, in megabytes.
Memory	`mem_committed`	int	The committed amount of memory reported by the resource, in megabytes.
Memory	`mem_free`	int	The free amount of memory reported by the resource, in megabytes.
Memory	`mem_used`	int	The used amount of memory reported by the resource, in megabytes.
Memory	`swap`	int	The swap space size, in megabytes, if applicable.
Memory	`swap_free`	int	The free swap space size, in megabytes, if applicable.
Memory	`swap_used`	int	The used swap space size, in megabytes, if applicable.
Storage	`array`	string	The array that the resource is a member of, if applicable.
Storage	`blocksize`	int	Block size used by the storage resource, in kilobytes.
Storage	`cluster`	string	The cluster that the resource is a member of, if applicable.
Storage	`fd_max`	int	The maximum number of available file descriptors.
Storage	`fd_used`	int	The current number of open file descriptors.
Storage	`latency`	int	The latency reported by the resource, in milliseconds.
Storage	`mount`	string	The mount point of a storage resource.
Storage	`parent`	string	A generic indicator of hierarchy; for instance, a disk event might include the array id here.
Storage	`read_blocks`	string	Number of blocks read.
Storage	`read_latency`	int	Latency of read operations.
Storage	`read_ops`	int	Number of read operations.
Storage	`storage`	int	The total amount of storage capacity reported by the resource, in megabytes.
Storage	`storage_free`	int	The free amount of storage capacity reported by the resource, in megabytes.
Storage	`storage_used`	int	The used amount of storage capacity reported by the resource, in megabytes.
Storage	`storage_used_percent`	int	The percentage of used storage capacity reported by the resource, in megabytes.
Storage	`write_blocks`	int	Number of blocks written
Storage	`write_ops`	int	Number of write operations
Network	`thruput`	int	The current throughput reported by the service.
Network	`thruput_max`	int	The maximum possible throughput reported by the service.
OS Timesync	`signature`	string	The event description signature, if available.
OS Timesync	`action`	string	The result of a time sync event.	`success`, `failure`, `unknown`
OS Uptime	`uptime`	int	The uptime of the compute resource, in seconds.

Related answers from Splunk Community

Performance

Comments

Was this topic useful?