Splunk® App for Infrastructure (Legacy)

Use Splunk App for Infrastructure



This documentation does not apply to the most recent version of Splunk® App for Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

Monitor CPU resource utilization using Splunk App for Infrastructure

You can create an alert to notify you when CPU.system utilization is running at a high level. For example, a server has been running at 100% CPU.system utilization for the past 15 minutes. This is affecting the performance of the server and degrading application delivery and user experience.

Problem: Too many duplicated processes and threads are running at the same time, due to a bug in a patch that was deployed. The server has been running at 100% cpu.system for the past 15 minutes.

Resolution: Set up an alert to issue a warning when the average CPU.system utilization is greater than 89 percent, for a period of 15 minutes or more.

Admin privileges are required to configure and manage alerts.

Steps

Step 1: Investigate the entity for which you want to set an alert

  1. Click the Investigate tab to display a list of your entities.
  2. Click the entity for which you want to set an alert and drill down to the Analysis Workspace.

Step 2: Select the metric to set the alert

  1. On the Analysis Workspace, click the Metrics tab.
  2. Select cpu > system. A new chart displays.

Step 3: Save the chart as an alert

  1. In the chart, click the ... and select Create Alert. This launches the Create Alert dialog.

Step 4: Configure the alert

  1. Enter information to create an alert:
    • Name: The alert is automatically given an alert name. Change the name if desired, following the character requirements.
    • Type Id: The entity or group name is displayed.
    • Metric: The type of metric selected for the chart, along with data analysis information.
    • Trigger Actions: Enter thresholds for alert trigger conditions.
    • Notify if: Select to notify a recipient if the alert severity improves or degrades.
    • Send email: Check the box next to the envelope to send an email when the alert triggers.
    • Enter Recipients: Enter email address(es) for alert notification recipients.
  2. Click Submit.

Step 5: Display alerts as a chart in the Analysis Workspace

  1. Click the Alerts tab to display the created alert.
  2. Click the alert in the list to display the alert as a chart. This allows you to monitor the alert in the main panel view. When an alert triggers, the icon and chart display the alert color, and alert details display in the right Analysis panel.

Step 6: View triggered alerts from the Alerts List View

You can view your most recent triggered alerts from the Alerts List View.

  1. Click Alerts in the menu bar at the top of the user interface.
  2. Click an entity or group to view more details about the alert in the right slide-out panel. The following screen shows akron.usa.com.
      [Screenshot: CPU alerts list view]

Summary

You now have an alert that will notify you by email if your entity's cpu.system reaches 89% or more.
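
The alert condition configured above, worked through as an added example (this is not the app's own alert logic). It assumes one cpu.system sample per minute and two severity names, "normal" and "warning"; the sample values are constructed. It shows why a 15-minute average ignores a short spike, fires on sustained load, and produces a second notification when severity improves.

```python
from collections import deque
from statistics import mean

WINDOW_MINUTES = 15       # evaluation period used in this topic
WARNING_THRESHOLD = 89.0  # percent cpu.system, threshold used in this topic


def evaluate(samples, window=WINDOW_MINUTES, threshold=WARNING_THRESHOLD):
    """Evaluate (minute, cpu_system_percent) samples, one per minute.

    Returns a list of (minute, old_severity, new_severity) tuples, one for
    each point where severity degrades or improves (the "Notify if" option).
    Severity names are assumptions made for this example.
    """
    recent = deque(maxlen=window)  # rolling window of the latest samples
    severity = "normal"
    notifications = []
    for minute, value in samples:
        recent.append(value)
        if len(recent) < window:
            continue  # wait for a full 15-minute window before judging
        new = "warning" if mean(recent) > threshold else "normal"
        if new != severity:
            notifications.append((minute, severity, new))
            severity = new
    return notifications


def constructed_samples():
    """Constructed data: idle, a 3-minute spike, idle, 20 minutes at 100%, idle."""
    values = [40] * 20 + [100] * 3 + [40] * 17 + [100] * 20 + [40] * 20
    return list(enumerate(values))


if __name__ == "__main__":
    for minute, old, new in evaluate(constructed_samples()):
        print(f"minute {minute}: severity {old} -> {new}")
```

The 3-minute spike raises the rolling average to only 52 percent, so nothing fires. The sustained load crosses 89 percent thirteen minutes after it starts, which is the detection delay to expect from an averaged threshold.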

Last modified on 04 January, 2019

This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.2.0, 1.2.1, 1.2.2, 1.2.3
