Alerting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Alert on overall %CPU on multicore Solaris server?

davidl64
New Member
‎11-02-2012 01:05 PM

I have a saved search that goes like this:

index=os sourcetype=cpu host=* | multikv fields pctIdle | eval Percent_CPU_Load = 100 - pctIdle | search host="birdhouse" | where Percent_CPU_Load > 80

My intent was to receive an alert if the overall CPU load of the server is over 80%. However, it seems this string will trigger if any single core is over 80%, since it is reading mpstat data and seems to trigger for each line if result is over 80. Leaving aside for the moment that cpu.sh cuts off Core #0, is there a way I can trigger on the average of all the cores?

Thanks,
DL

Tags (2)
0 Karma
Reply

sunilsk1
Path Finder
‎08-24-2013 11:19 PM

Did this work for you ?
I tried the same but do not see any results

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎11-04-2012 09:51 PM 
index=os sourcetype=cpu host=birdhouse | multikv fields pctIdle | eval Percent_CPU_Load = 100 - pctIdle | stats avg(Percent_CPU_Load) as Percent_CPU_Load by host | where Percent_CPU_Load > 80
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...