Hi,
We are trying to create alerts on Splunk servers for CPU usage. We noticed CPU on search peers is constantly hitting 90% of threshold, and we have a multisite cluster environment.
Alert Requirements:
Trigger a critical alert if CPU usage is more than threshold (>60) on 5 indexer servers.
Trigger a high-severity alert if CPU usage is more than threshold (>60) on 3 indexer servers.
Below is the Splunk query I am trying to use; it needs some tweaking to get my required output:
| rest splunk_server_group=dmc_group_indexer splunk_server_group="*" /services/server/status/resource-usage/hostwide
| eval cpu_usage = cpu_system_pct + cpu_user_pct
| eval mem_used_pct = round(mem_used / mem * 100 , 2)
| search cpu_usage > 50
| table splunk_server cpu_usage
Can you please help.
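One way to express the tiered requirement above, as an added example that is not part of the original post: count the indexers over the threshold and map that count to a severity. It assumes "on 5 servers" and "on 3 servers" mean at least that many, and the field names `indexers_over_threshold`, `indexers` and `severity` are illustrative.

```spl
| rest splunk_server_group=dmc_group_indexer /services/server/status/resource-usage/hostwide
| eval cpu_usage = cpu_system_pct + cpu_user_pct
| where cpu_usage > 60
| stats dc(splunk_server) AS indexers_over_threshold, values(splunk_server) AS indexers
| eval severity = case(indexers_over_threshold >= 5, "critical",
                       indexers_over_threshold >= 3, "high")
| where isnotnull(severity)
```

Saved as an alert that triggers when the number of results is greater than 0, this returns one row only when at least 3 indexers exceed the threshold, with `severity` available for routing.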