Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get a good measure of load or cpu utilization in windows?

juniormint
Communicator
‎02-11-2014 06:31 AM

I would like to generate a plot of cpu utilization over time. I have some permon events coming in that look like

02/11/2014 09:21:04.315
collection=CPU
object=Processor
counter="% Processor Time"
instance=_Total
Value=0.0084302548057690885

and so I can easily enough write the following search

source="perfmon:cpu" | timechart span=15m avg(Value) as CPU

The problem I perceive is that I think permon:cpu is an instantaneous value. If so then the rate at which the agent reports sends updates (or events) sets a minimum detectable load. Basically I'm saying that if I am only getting a cpu event every 5 min, then chances are I would never see a 30sec spike in cpu utilization. I could just up the cpu event rate to someting like 10 sec (to detect 30 sec spikes), but I am wondering if there is another approach that will not involve increasing the number of cpu events dramatically?

Tags (2)
0 Karma
Reply

linu1988
Champion
‎02-11-2014 10:30 AM

Hello,
You are correct in your approach, but if you want the granular info you need to see the perfmon counter more frequently i.e. the interval needs to be in seconds. And you should not be concerned if there is a CPU spike for a second or two. Monitoring perfmon _total instance per day wont consume much from your license volume.

Second approach is an indirectly get the average value of your perfmon counter using one script. For that you need to collect instantaneous data into csv file using windows data collector and rather than perfmon.conf , in INPUTS.CONF you trigger a script which calculates the value for you and send an average for that 5 mins or whatever interval you want so that you don't loose anything.

Thanks

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf25, and our Community

Thank you to everyone in the Splunk Community who joined us for .conf25, which kicked off with our iconic ...

Data Persistence in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. What happens if the OpenTelemetry collector ...

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

Now On Demand Whether you're managing complex deployments or looking to future-proof your data ...