Re: highest resource consumption alerts

rahul_splunk · ‎05-10-2023

Hi All,

I want to identify the alerts/usecases which are high in resources utilizing i.e., CPU consumption, RAM utilization etc.

BR,
RK

richgalloway · ‎05-10-2023

The Monitoring Console will tell you which searches use the most CPU. Go to Resource Usage->CPU Usage: Instance then scroll down to the "Median CPU Usage of Searches" panel and change the 'Split by' setting to "Search Name".

I'm not aware of a way to find out how much memory searches use.

---
If this reply helps you, Karma would be appreciated.

rahul_splunk · ‎05-11-2023

@richgalloway Thanks for your response. But I wanted to monitor it for specific alerts.

richgalloway · ‎05-12-2023

Copy the MC search and modify it to suit your purposes. You can copy an MC panel by clicking on the magnifying glass icon in the bottom-right corner of the panel.

---
If this reply helps you, Karma would be appreciated.

ITWhisperer · ‎05-10-2023

That sounds like an interesting thing to do - what have you tried so far?

rahul_splunk · ‎05-11-2023

Hi @ITWhisperer ,
I was looking on an alert to notify, if any host stops sending logs.
https://www.splunk.com/en_us/blog/tips-and-tricks/how-to-determine-when-a-host-stops-sending-logs-to...

It seems to be a complex query with combination of commands and function.

If we have some complex alerts like this in production environment, how our appliance gonna sustain?

So wanted to check a way, we can monitor resource when alert like this triggers!

How can I identify highest resource consumption alerts?

alert action

alert condition

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...