Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Monitor CPU cores of a Linux machine

hishamjan
Explorer
‎03-31-2021 11:00 PM

Hi, 

 

I have a Linux machine running on Centos 6.10 with a quad-core processor  (16 threads)

 

hishamjan_0-1617256707290.png

On Splunk, is there a way to monitor each of its threads? Because sometimes, the threads reach 100% and my system stops working until the threads are down to the current percentage values as in the above screenshot.

Any degree of help will be appreciated.

 

Regards.

0 Karma
Reply

jokertothequinn
Explorer
yesterday

This will do the trick:

| mstats avg(cpu_metric.*) as cpu_* WHERE index=<your_metrics_index> by CPU, host
| table CPU, host
| eventstats max(CPU) as cpu_count by host
| table cpu_count, host
| eval cpu_count=cpu_count+

 

the data being used is from the add on Link to the splunk add on for Splunk Add-on for Unix and Linux docs 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎03-31-2021 11:48 PM

Hi @hishamjan,

yes, you can monitor everything,

You can use the Splunk AddOn for Unix and Linux (https://splunkbase.splunk.com/app/833/) to take the logs and the Splunk App for Unix and Linux (https://splunkbase.splunk.com/app/273/) to display information.

If instead you want a custom control, you can create a custom scripted input using the command you used for the screenshot (https://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev/ScriptedInputsIntro) to index the values and you can crete your own dashboard.

Anyway I hint to try with the splunkbase apps before to start to develop a custom one.

Ciao.

Giuseppe

0 Karma
Reply

hishamjan
Explorer
‎04-02-2021 12:19 PM

hi @gcusello 

sorry for the late response, but my Linux machine already has Splunk AddOn for Unix installed.

 

Is it possible to monitor its cores (threads)?

 

Thanks

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-03-2021 08:53 AM

Hi @hishamjan,

in the Splunk AddOn for Unix there are some scripts that run Linux commands as  cpu or iostat or others: they, when enabled, take stats on the cpu utilization.

I don't know the command you used in your screenshot, but if it's one of the already presente in app scripts you can take results only enabling it.

If instead the command you used is another one, you can see how scripts are done in that app and create your own scripted input using your command.

Anyway, in few words:

  • create in the $SPLUNK_HOME/etc/apps/Splunk_TA_nix/bin the file your_command.sh;
  • in the your_command.sh file put the command with all the options you want;
  • enable it to be executed;
  • create a stanza in inputs.conf (the one in local folder not in default) defining the frequency execution;
  • restart splunk on the machine or deploy it using the Deployment Server.

the script is very easy, it contains only the command as you run it in SSH.

the inputs.conf stanza is something like this:

 

[script://./bin/your_command.sh]
sourcetype = cpu_usage
source = your_command
interval = 300
disabled = 0

 

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...