Re: Inconsistencies from cpu.sh in *NIX App

Ricapar · ‎10-18-2012

We have a pretty diverse Unix/Linux environment - AIX, Solaris, Linux - multiple versions of each.

I was hoping to be able to use the *NIX App to monitor CPU usage across a bunch of them, but I'm starting to notice some oddities here and there.

I had taken some screenshots... but apparently you need > 60 karma to upload them.

Anyways, I do this simple search:

index=os host=myRHEL6host sourcetype=cpu

And I'm getting this back:

CPU    pctUser    pctNice  pctSystem  pctIowait    pctIdle
1.52       0.00       2.28       0.00       0.00      96.20
2.04       0.00       4.08       0.00       0.00      93.88
2.00       0.00       1.00       0.00       0.00      97.00
2.02       0.00       2.02       0.00       0.00      95.96
1.01       0.00       2.02       0.00       0.00      96.97

However, if I run cpu.sh on the actual machine:

[root@myRHEL6host bin]# ./cpu.sh
CPU    pctUser    pctNice  pctSystem  pctIowait    pctIdle
all       1.01       0.00       0.25       0.00      98.74
0         2.08       0.00       0.00       0.00      97.92
1         0.98       0.00       0.98       0.00      98.04
2         0.98       0.00       0.98       0.00      98.04
3         0.00       0.00       0.00       0.00     100.00

That's just one of many weird inconsistencies I'm seeing... A few more come up when I look at AIX and Solaris.

Any idea what's going on?

twollenslegel_s · ‎11-28-2017

This is now listed as a known issue with the Unix TA.

http://docs.splunk.com/Documentation/UnixAddOn/5.2.4/User/Releasenotes

polymorphic · ‎12-01-2015

Have a look at my answer to this question:
https://answers.splunk.com/answers/152670/why-is-cpu-sh-script-being-indexed-incorrectly-in-splunk-a...

Inconsistencies from cpu.sh in *NIX App

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!