Need some help on search string to calculate 10 minute average and generate alert.
say for example Virtual memory usage 10 minute average > 10000 generate an alert. How can we calculate 10 minute average ?
this would be from a table event so need to use multikv. sample event below :

USER               PID   PSR   pctCPU       CPUTIME  pctMEM     RSZ_KB     VSZ_KB   TTY      S       ELAPSED  COMMAND             ARGS
root                 1     1      0.0      00:00:16     0.0        788      10384   ?        S   19-08:11:30  init                [3]
root                 2     1      0.0      00:00:00     0.0          0          0   ?        S   19-08:11:30  [kthreadd]          <noArgs>
root                 3     0      0.0      00:00:00     0.0          0          0   ?        S   19-08:11:30  [migration/0]       <noArgs>
root                 4     0      0.0      00:00:00     0.0          0          0   ?        S   19-08:11:30  [ksoftirqd/0]       <noArgs>
root                 5     0      0.0      00:00:26     0.0          0          0   ?        S   19-08:11:30  [events/0]          <noArgs>
root                 6     0      0.0      00:00:00     0.0          0          0   ?        S   19-08:11:30  [cpuset]            <noArgs

thanks
pmr