Example of how to monitor CPU utilization by processes?

sloshburch
Splunk Employee

Does anyone have examples of how to use Splunk to monitor CPU utilization by processes?

0 Karma
1 Solution

sloshburch
Splunk Employee

The Splunk Product Best Practices team helped produce this response. Read more about use case examples in Splunk® Platform Use Cases on Splunk Docs.

This use case enables system administrators to identify when systems slow down because of inadequate CPU resources. System performance can slow down if there isn't enough CPU available to support the system, which can impact the user experience.

This use case appears in the Splunk Essentials for Infrastructure Troubleshooting and Monitoring app and the Splunk Essentials for Application Analytics app. For more examples, see the Splunk Essentials for Infrastructure Troubleshooting and Monitoring and the Splunk Essentials for Application Analytics apps on Splunkbase.

Load data

How to implement:

  1. Ingest operating system logs and operating system metrics into Splunk Enterprise
  2. Install the Splunk Add-on for Windows or *nix, and enable memory monitoring for your infrastructure
  3. Enable the basic data collection for CPU utilization with the script://./bin/cpu.sh input of the Splunk Add-on for Unix and Linux and/or the perfmon://CPU input of the Splunk Add-on for Microsoft Windows. Find the Splunk Add-on for Windows and Splunk Add-on for Unix and Linux on Splunkbase.

Data check: This use case depends on operating system logs and operating system metrics.

Get insights

This use case enables system administrators to track the CPU utilization of every process. This use case tracks overall CPU utilization and identifies the various processes that consume it.

Use the following search:

index=* tag=process tag=report
| stats max(process_cpu_used_percent), max(process_mem_used) BY process_name, host

Best practice: In searches, replace the asterisk in index=* with the name of the index that contains the data. By default, Splunk stores data in the main index. Therefore, index=* becomes index=main. Use the OR operator to specify one or multiple indexes to search. For example, index=main OR index=security. See About managing indexes and How indexing works in Splunk docs for details.

Help

Enable the [script://./bin/ps.sh] input from the Splunk Add-on for Unix and Linux, and the [perfmon://Process] input from the Splunk Add-on for Windows.

If no results appear, deploy the Add-ons to the search heads to access the knowledge objects necessary for simple searching. See About installing Splunk add-ons in the Splunk Add-ons manual for assistance.

For more support, post a question to the Splunk Answers community.

0 Karma
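
As an added example (not part of the original answer and not Splunk's own configuration), a minimal `local/inputs.conf` override that enables the CPU and per-process inputs named in the answer. The app directory names, the index name `os` and the 30-second intervals are assumptions; every other setting is assumed to be inherited from each add-on's default stanza.

```ini
# --- Splunk Add-on for Unix and Linux ---
# File (app directory name assumed):
#   $SPLUNK_HOME/etc/apps/Splunk_TA_nix/local/inputs.conf
# Put overrides in local/, not default/, so an add-on upgrade does not
# overwrite them.

# Overall CPU utilization per host
[script://./bin/cpu.sh]
disabled = 0
# seconds between runs of the script (assumed value)
interval = 30
# hypothetical index name; use the index you actually search
index = os

# Per-process CPU and memory, needed for the BY process_name search
[script://./bin/ps.sh]
disabled = 0
interval = 30
index = os

# --- Splunk Add-on for Microsoft Windows ---
# File (app directory name assumed):
#   %SPLUNK_HOME%\etc\apps\Splunk_TA_windows\local\inputs.conf

# Overall CPU utilization per host
[perfmon://CPU]
disabled = 0
interval = 30
index = os

# Per-process counters
[perfmon://Process]
disabled = 0
interval = 30
index = os
```

With these inputs enabled and the forwarder restarted, the `index=*` in the search above would become `index=os` under the assumed index name.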
