Is it possible to monitor system load average, e.g.:
$ uptime
09:49:57 up 11 days, 17:35, 1 user, load average: 1.36, 1.09, 1.00
With the Unix|Linux TA on a Universal Forwarder? I see cpu_load_percentage, but this measure isn't jiving with the system's reported load average.
CPU load is [..] processes using a slice of CPU time [..] or queued up to use the CPU. Unix refers to this as the run-queue length: the sum of the number of processes that are currently running plus the number that are waiting (queued) to run. -- http://blog.scoutapp.com/articles/2009/07/31/understanding-load-averages
My understanding is that cpu_load_percentage will never exceed 100%, but we would like to see how much we're over-subscribing our VMs that are being monitored.
Thanks!
You could put a script into an etc/apps/foo/bin
directory that contains a simple uptime
call and run that script as a scripted input on whatever schedule you need, much like the Unix TA does as well. Give it a sourcetype you like, and set that to something like this in props.conf:
[your_sourcetype]
TIME_PREFIX = ^
TIME_FORMAT = %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 10
EXTRACT-load = load average: (?<load_1m>[\d.]+), (?<load_5m>[\d.]+), (?<load_15m>[\d.]+)