Each search can consume up to one CPU core by default. Each real-time search (nasty things they are) consumes a CPU core indefinitely.
I would love to know why you need to know within 30s if one of these KPIs is breached. Will you fix the problem in less than 30s? Or will you wait 15 minutes for your mailbox to download your emails, refresh, generate a ticket, and then resolve the issue? If you can fix these problems in seconds rather than minutes then real-time might be worth the costs to you. Otherwise, schedule the alert to run every 5-15 minutes instead and be sure to account for indexing lag.
You'll note (if you look hard enough) that the solar winds details suffer from similar lag. You might think it's computing health every 30s, but instead you might actually have more lag than you solarwinds lets on.
... View more