Have you seen the Splunk App for Unix and Linux ?

From the documentation:

With innovative visualizations and customizable host groupings, the Splunk App for Unix and Linux comes with over forty out-of-the box OS performance metrics monitoring and twelve pre-packaged alerts helping you easily identify issues and quickly resolve anomalies. It provides context of important activity in your nix environment around significant events and helps you navigate into resources that are over- or under- utilized for **easy capacity optimization*.

Use Splunk Enterprise to combine your Unix and Linux systems data with data from all other technology tiers such as hypervisors, applications, storage, networks and servers to gain a complete, central view of KPIs across your entire enterprise. Analyze and correlate performance, capacity, error and security information across all your technology tiers with the Big Data scale provided by Splunk Enterprise, for faster problem resolution and more accurate capacity planning. Reclaim underutilized resources and replenish over-utilized capacity for optimal cost control. With the Splunk App for Unix and Linux you can:

• Visualize the operational health of your Unix and Linux environment through innovative dashboards customizable to service-groupings in your environment
• Utilize NOC-style dashboards for insight into resource consumption of desired systems
• Easily identify anomalies and outliers across the most important performance metrics from all your systems
• *Quickly compare CPU, RAM and disk capacity utilization across many hosts *
• *Proactively monitor your environment by utilizing out of the box pre-packaged alerts, flexible visualizations, and configurable headline style alert views *
• Easily add new systems and data inputs and accelerate time to value with the new *nix App input configurations panel.
• Scale your Splunk environment to easily include and monitor new systems and extend Splunk capabilities for Enterprise Security and PCI compliance to your *nix systems.
• Correlate data from your *nix infrastructure with data from applications, network, virtual and physical infrastructure for your enterprise wide visibility

However;

If you wanted to do this yourself, there are lots of ways to do this.
1.) Script an input of top, or ps, something like that
2.) Set it to run on a regular interval - GUIDE / EXAMPLE: here
3.) Use multikv and stats and a scheduled alert to trigger given your desired thresholds.
4.) Configure email setttings
5.) Setup email notification