mirror of
https://github.com/fleetdm/fleet
synced 2026-05-19 15:09:20 +00:00
d8489c4f2b
Updates to cpu_time data table in Fleet Table Docs per https://github.com/fleetdm/fleet/issues/16993 --------- Co-authored-by: Eric <eashaw@sailsjs.com>
21 lines
1.1 KiB
YAML
21 lines
1.1 KiB
YAML
name: cpu_time
|
|
description: The `cpu_time` table displays data from the `/proc/stat` file which records how the Central Processing Unit (CPU) in a computer or mobile device allocates time to processing workloads.
|
|
examples: |-
|
|
This query identifies Hosts on which the ratio of CPU time spent processing System workloads compared to User workloads is 2:1. This could be evidence of a corrupted operating system or malicious activity:
|
|
|
|
```
|
|
SELECT * FROM cpu_time WHERE user/system > 2;
|
|
```
|
|
|
|
This query duplicates the macOS Activity Monitor.app GUI which shows the percentage of CPU time spent on System, User and Idle workloads:
|
|
|
|
```
|
|
SELECT printf(ROUND((CAST(SUM(system) AS FLOAT)/(SUM(idle)+SUM(system)+SUM(user)))*100,2)) AS system_pct,
|
|
printf(ROUND((CAST(SUM(user) AS FLOAT)/(SUM(idle)+SUM(system)+SUM(user)))*100,2)) AS user_pct,
|
|
printf(ROUND((CAST(SUM(idle) AS FLOAT)/(SUM(idle)+SUM(system)+SUM(user)))*100,2)) AS idle_pct
|
|
FROM cpu_time;
|
|
```
|
|
notes: |-
|
|
[CPU time](https://en.wikipedia.org/wiki/CPU_time)
|
|
|
|
[Benchmarking code by referencing CPU time](https://dev.to/satrobit/cpu-time-how-to-accurately-benchmark-your-code-572p)
|