Getting Data In

Monitor CPU cores of a Linux machine

hishamjan
Explorer

Hi, 

 

I have a Linux machine running on Centos 6.10 with a quad-core processor  (16 threads)

 

hishamjan_0-1617256707290.png

On Splunk, is there a way to monitor each of its threads? Because sometimes, the threads reach 100% and my system stops working until the threads are down to the current percentage values as in the above screenshot.

Any degree of help will be appreciated.

 

Regards.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @hishamjan,

yes, you can monitor everything,

You can use the Splunk AddOn for Unix and Linux (https://splunkbase.splunk.com/app/833/) to take the logs and the Splunk App for Unix and Linux (https://splunkbase.splunk.com/app/273/) to display information.

If instead you want a custom control, you can create a custom scripted input using the command you used for the screenshot (https://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/ScriptedInputsIntro) to index the values and you can crete your own dashboard.

Anyway I hint to try with the splunkbase apps before to start to develop a custom one.

Ciao.

Giuseppe

0 Karma

hishamjan
Explorer

hi @gcusello 

sorry for the late response, but my Linux machine already has Splunk AddOn for Unix installed.

 

Is it possible to monitor its cores (threads)?

 

Thanks

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @hishamjan,

in the Splunk AddOn for Unix there are some scripts that run Linux commands as  cpu or iostat or others: they, when enabled, take stats on the cpu utilization.

I don't know the command you used in your screenshot, but if it's one of the already presente in app scripts you can take results only enabling it.

If instead the command you used is another one, you can see how scripts are done in that app and create your own scripted input using your command.

Anyway, in few words:

  • create in the $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin the file your_command.sh;
  • in the your_command.sh file put the command with all the options you want;
  • enable it to be executed;
  • create a stanza in inputs.conf (the one in local folder not in default) defining the frequency execution;
  • restart splunk on the machine or deploy it using the Deployment Server.

the script is very easy, it contains only the command as you run it in SSH.

the inputs.conf stanza is something like this:

 

[script://./bin/your_command.sh]
sourcetype = cpu_usage
source = your_command
interval = 300
disabled = 0

 

Ciao.

Giuseppe

0 Karma