Alerting

How to configure unix servers cpu and file system usage email alerts?

gsrikanth87
Path Finder

We want to monitor

  • aix file system usage(throshold 95%)
  • cpu uage (%)
  • mem uage (%)
  • disk uage (%)

If their utilization is exceeds the threshold, then we want to alert by mail. Please let us know if you need more details.

0 Karma

aljohnson_splun
Splunk Employee
Splunk Employee

Have you seen the Splunk App for Unix and Linux ?

From the documentation:

With innovative visualizations and customizable host groupings, the Splunk App for Unix and Linux comes with over forty out-of-the box OS performance metrics monitoring and twelve pre-packaged alerts helping you easily identify issues and quickly resolve anomalies. It provides context of important activity in your nix environment around significant events and helps you navigate into resources that are over- or under- utilized for **easy capacity optimization*.

Use Splunk Enterprise to combine your Unix and Linux systems data with data from all other technology tiers such as hypervisors, applications, storage, networks and servers to gain a complete, central view of KPIs across your entire enterprise. Analyze and correlate performance, capacity, error and security information across all your technology tiers with the Big Data scale provided by Splunk Enterprise, for faster problem resolution and more accurate capacity planning. Reclaim underutilized resources and replenish over-utilized capacity for optimal cost control. With the Splunk App for Unix and Linux you can:

  • Visualize the operational health of your Unix and Linux environment through innovative dashboards customizable to service-groupings in your environment
  • Utilize NOC-style dashboards for insight into resource consumption of desired systems
  • Easily identify anomalies and outliers across the most important performance metrics from all your systems
  • *Quickly compare CPU, RAM and disk capacity utilization across many hosts *
  • *Proactively monitor your environment by utilizing out of the box pre-packaged alerts, flexible visualizations, and configurable headline style alert views *
  • Easily add new systems and data inputs and accelerate time to value with the new *nix App input configurations panel.
  • Scale your Splunk environment to easily include and monitor new systems and extend Splunk capabilities for Enterprise Security and PCI compliance to your *nix systems.
  • Correlate data from your *nix infrastructure with data from applications, network, virtual and physical infrastructure for your enterprise wide visibility

However;

If you wanted to do this yourself, there are lots of ways to do this.
1.) Script an input of top, or ps, something like that
2.) Set it to run on a regular interval - GUIDE / EXAMPLE: here
3.) Use multikv and stats and a scheduled alert to trigger given your desired thresholds.
4.) Configure email setttings
5.) Setup email notification

0 Karma

ppablo
Retired

Hi @gsrikanth87

It'll be easier for users on Splunk Answers to help you if you can provide more details. What search are you currently using for this? Is there a certain threshold you want the alert to be triggered by and how often do you want the email alerts to be sent out? Any additional information will be good to get you a faster answer.

0 Karma

gsrikanth87
Path Finder

Thank you for your response. We want to monitor aix file system usage(throshold 95%) and cpu uage (%), mem uage (%),disk uage (%). If their utilization is exceeds the threshold, then we want to alert by mail. Please let us know if you need more details/

0 Karma
Get Updates on the Splunk Community!

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...