All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Monitoring Processes using metrics and SAI

Skins
Path Finder
‎02-25-2020 05:21 PM

Is it possible to monitor whether processes are running using metrics data and SAI ?

I want to push out a config via UF to say monitor these X processes - and alert should any of them stop ?

gratzi

... also - i have a single UF reporting to Splunk - my SAI "Overview" dashboard - looks like this (last 15 mins)

UPTIME(h:m:s) 
top 10547   root    0   0.2 00: 00: 00 
top 10817   root    0   0.2 00: 00: 00
top 11789   root    0   0.2 00: 00: 00
top 13036   root    0   0.2 00: 00: 00
top 14295   root    0   0.2 00: 00: 00
top 17779   root    0   0.1 4+18: 58: 48

What is this telling me - i only have one instance of top running - which shows as 4days+ - where are all the other pids coming from?

ps -ef | grep -i top
root     17779 24995  0 Feb21 pts/1    00:03:02 top
root     30528 26798  0 12:27 pts/0    00:00:00 grep --color=auto -i top
#
0 Karma
Reply

dagarwal_splunk
Splunk Employee
Splunk Employee
‎02-26-2020 02:35 PM

The Overview dashboard for process looks only last 5 minutes for all the metrics.

You can also look into "Analysis" page to see the graphs for the process metrics. Here you can also split by dimensions like pid, process_name etc.. and set alerts as well.

Right now, you cannot set alert on SAI for process stopped/not running. Alerts won't fire when data stop coming for a particular process.

0 Karma
Reply

dagarwal_splunk
Splunk Employee
Splunk Employee
‎02-26-2020 10:45 AM

Are you using SAI's collectd processmon plugin?

How are you getting those process data?

0 Karma
Reply

dagarwal_splunk
Splunk Employee
Splunk Employee
‎02-26-2020 11:02 AM

All the other ids are for the top processes that you might have started for a short time in the past and stopped..

0 Karma
Reply

Skins
Path Finder
‎02-26-2020 12:13 PM

With this app:

No collectd req
https://splunkbase.splunk.com/app/4856/

Why would it show processes started in the past over a 15m window ?

Gratzi.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...