Hello everyone,
Pretty new to Splunk and, to be honest, I'm going under in work so I don't have time to work myself in a lot 😕 and so I hoped someone could help me with something, I somehow couldn't find some solution for..
We. I. want to monitor our VDA Servers and get informed / an e-mail once the CPU usage goes over a certain amount. Let's say 70%.
This shouldn't happen. But of course sometimes it does. And we want to know through which process.
So we basically want to get a short e-mail.
"Hey. CPU load on X is over the limit.
Here are the top 3 processes, sorted by CPU load produced:
"
Is there a pre-made solution someone knows? Or a powershell script?
First, you must have performance data from your VDA servers indexed in Splunk. You can use a universal forwarder to send perfmon:CPU events to do that.
[perfmon://Processor]
object = Processor
instances = _Total
counters = % Processor Time;% User Time
interval = 60
disabled = 0
Once you have the data, it's easy to craft a search that runs every few minutes to look for servers with high CPU utilization.
index=windows | stats sum('% Processor Time') as PctCPU | where PctCPU > 70
See https://docs.splunk.com/Documentation/Splunk/7.2.4/Data/MonitorWindowsperformance for details.
First, you must have performance data from your VDA servers indexed in Splunk. You can use a universal forwarder to send perfmon:CPU events to do that.
[perfmon://Processor]
object = Processor
instances = _Total
counters = % Processor Time;% User Time
interval = 60
disabled = 0
Once you have the data, it's easy to craft a search that runs every few minutes to look for servers with high CPU utilization.
index=windows | stats sum('% Processor Time') as PctCPU | where PctCPU > 70
See https://docs.splunk.com/Documentation/Splunk/7.2.4/Data/MonitorWindowsperformance for details.
Sorry for the late reply, hope everyone had a nice weekend 🙂
Going to try this out.
Thank you.