Splunk is showing high CPU load on Linux Server

4uramana4u · ‎04-20-2021

Hello Splunk Experts,

I have an issue with measuring the CPU load in a Linux box.

With the below query, I am getting a high CPU usage when there were no activities running on Linux Server.

Actually, the server status is pretty much an Idea most of the time and it is being used as a backup server.

cpu_load = 100 - PercentIdleTime;

eval cpu_load = 100 - PercentIdleTime | stats avg(cpu_load) as "CPUUsage" by host | eval "CPUUsage"=round('CPUUsage', 2) | where CPUUsage>90

Pikta · ‎04-22-2021

Hi, @4uramana4u
Can you write your Linux machine parameters?
Maybe the answer in your question is here:

Splunk hardware requirements
The following are the minimum and recommended hardware requirements for running Splunk Light.

Platform : Non-Windows platforms

Minimum supported hardware: 1x1.4 GHz CPU, 1 GB RAM

Recommended hardware : 2x six-core, 2+ GHz CPU, 12 GB RAM, Redundant Array of Independent Disks (RAID) 0 or 1+0, with a 64 bit OS installed.

4uramana4u · ‎05-27-2021

Thanks for the reply.

The intended server is actually a Database server managing the production data and we want the CPU usage to be monitored by Splunk.

In terms of hardware, it is well equipped and it has nearly 1 million DB transactions per day.