Re: Critical System Physical Memory Usage

cybermonday · ‎07-14-2020

Oracle Linux 7.5
Splunk Core 7.2.5

Alert Name -- DMC Alert - Critical System Physical Memory Usage
The alert works on below rest command which pulls 2 fields from systems --- mem and mem_used.

| rest splunk_server_group=dmc_group_* /services/server/status/resource-usage/hostwide

we have learned that this alert is giving false value after confirming from oracle support.
as per them, when running "free -m" command - "In Oracle Linux 7/8, the focus should be on the "available" column.
The available column estimates how much memory is available for starting new applications without swapping. If, the system still has 28G available memory and you see 26G in "used" - that is because this is how Linux behaves. Linux treats the memory that can be made available upon request as "used"."

also see - - https://www.redhat.com/sysadmin/dissecting-free-command

So, I am interested to fetch the "available memory" field from hosts. So that I can do some eval and then optimize the existing alert to suit fit to our needs.

Is there any way, how to pull the "available memory" field from hosts?

evinasco08 · ‎01-02-2024

Hi @cybermonday could you fix the problem?

Critical System Physical Memory Usage

monitoring console

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Join the Conversation