===== Get lowest memfree for given analysis date =====

<code bash>
atopsar -r /var/log/atop/atop_20240703 -m -R 1 | awk 'NR<7{print $0;next}{print $0| "sort -k 3,4"}' | head -11
</code>

^Argument                                                  ^Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                ^
|''%%atopsar%%''                                           |atop’s system activity report                                                                                                                                                                                                                                                                                                                                                                                                                                              |
|''%%-r /var/log/atop/atop_20240703%%''                    |Log file to use                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
|''%%-m%%''                                                |Memory- and swap-occupation                                                                                                                                                                                                                                                                                                                                                                                                                                                |
|''%%-R 1%%''                                              |Summarize 1 sample into 1 sample. Log file contains samples of 10 minutes, so this will summarize each sample. ''%%-R 6%%'' will summarize one sample per 60 minutes.                                                                                                                                                                                                                                                                                                      |
|''%%awk 'NR<7{print $0;next}{print $0| "sort -k 3,4"}'%%''|For number of input records ''%%NR%%'' less than ''%%7%%'', ''%%print%%'' the input record (''%%$0%%''), go to the ''%%next%%'' input record and repeat the ''%%{print $0}%%'' pattern until the end is reached, then execute the END rule. The END rule in this case is ''%%{print $0| "sort -k 3,4"}%%'', it prints the remaining input records after piping them through the''%%"sort -k 3,4"%%'' command. This avoids sorting the first 7 lines of the atopsar command.|
|''%%head -11%%''                                          |Get the top 11 lines of output                                                                                                                                                                                                                                                                                                                                                                                                                                             |

===== Get top 3 memory processes for given analysis date =====

<code bash>
atopsar -G -r /var/log/atop/atop_20240710
</code>

===== Identify top-five most frequently executed process during logging period =====

<code bash>
atop -r /var/log/atop/atop_20241123 -P PRG | grep -oP "(?<=\()[[:alnum:]]{1,}(?=\))" | sort | uniq -c | sort -k1rn | head -5
</code>

===== Count the number of times a particular process has been detected during logging period =====

<code bash>
atop -r /var/log/atop/atop_20241123 -P PRG | egrep "docker" | awk '{print $5}' | uniq -c -w5
</code>

===== Generate a chart of the number of instances of a particular process during logging period =====

<code bash>
atop -r /var/log/atop/atop_20241123 -P PRG | egrep "docker" | awk '{print $5}' | uniq -c -w8 | \
    gnuplot -e "set terminal dumb 80 20; unset key; set style data labels; set xdata time; set xlabel 'Time'; set ylabel 'docker'; set timefmt '%H:%M:%S'; plot '-' using 2:1:ytic(1) with histeps"
</code>

===== Generate a PNG chart of the number of instances of a particular process during logging period =====

<code bash>
atop -r /var/log/atop/atop_20241123 -P PRG | awk '{print $5}' | uniq -c -w8 | \
    gnuplot -e "set title 'Process Count'; set offset 1,1,1,1; set autoscale xy; set mxtics; set mytics; \
        set style line 12 lc rgb '#ddccdd' lt 1 lw 1.5; set style line 13 lc rgb '#ddccdd' lt 1 lw 0.5; set grid xtics mxtics ytics mytics \
        back ls 12, ls 13; set terminal png size 1920,1280 enhanced font '/usr/share/fonts/liberation/LiberationSans-Regular.ttf,10'; \
        set output 'plot_$(date +'%Y-%m-%d_%H:%M:%S')_${RANDOM}.png'; set style data labels; set xdata time; set xlabel 'Time' font \
        '/usr/share/fonts/liberation/LiberationSans-Regular.ttf,8'; set ylabel 'Count' font \
        '/usr/share/fonts/liberation/LiberationSans-Regular.ttf,8'; set timefmt '%H:%M:%S'; plot '-' using 2:1 with histeps"
</code>

===== Identify top-ten most frequently executed binaries from /sbin or /usr/sbin during logging period =====

<code bash>
for i in $(atop -r /var/log/atop/atop_20241123 -P PRG | grep -oP "(?<=\()[[:alnum:]]{1,}(?=\))" | sort | uniq -c | sort -k1rn | head -10); do 
    which "${i}" 2>/dev/null | grep sbin; 
done
</code>

===== Identify disks with over 90% activity during logging period =====

<code bash>
atopsar -r /var/log/atop/atop_20241123 -d | egrep '^[0-9].*|(9[0-9]|[0-9]{3,})%'
</code>

===== Identify processes responsible for most disk I/O during logging period =====

<code bash>
atopsar -r /var/log/atop/atop_20241123 -D | sed 's/\%//g' | awk -v k=50 '$4 > k || $8 > k || $12 > k' | sed -r 's/([0-9]{1,})/%/5;s/([0-9]{1,})/%/7;s/([0-9]{1,})/%/9'
</code>

===== Identify periods of heavy swap activity during logging period =====

<code bash>
atopsar -r /var/log/atop/atop_20241123 -s | awk -v k=1000 '$2 > k || $3 > k || $4 > k'
</code>

===== Identify logical volumes with high activity or high average queue during logging period =====

<code bash>
atopsar -r /var/log/atop/atop_20241123 -l -S | sed 's/\%//g' | awk -v k=50 -v j=100 '$3 > k || $8 > j' | sed -r 's/([0-9]{1,})/%/4'
</code>

===== Identify processes consuming more than half of all available CPUs during logging period =====

<code bash>
(( k = $(grep -c proc /proc/cpuinfo) / 2 * 100 ))
atopsar -r /var/log/atop/atop_20241123 -P | sed 's/\%//g' | awk -v k=$k '$4 > k || $8 > k || $12 > k' | sed -r 's/([0-9]{1,})/%/5;s/([0-9]{1,})/%/7;s/([0-9]{1,})/%/9'
</code>

===== Identify time of peak memory utilization during logging period =====

<code bash>
atopsar -r /var/log/atop/atop_20241123 -m -R 1 | awk 'NR<7{print $0;next}{print $0| "sort -k 3,3"}' | head -15
</code>