False Positive High CPU in only one Node SAM

I have a situation where SAM keeps alerting on High CPU for one or two particular servers. I've tried setting the thresholds differently for the Nodes in question but still get the alerts!?

Things I've noticed:

  • In our cloud infrastructure the machine has 2 CPU's (This shouldn't matter as we've monitored Nodes with upwards of 6 CPU's without issues)
  • On the infrastructure side we cannot see anything hitting 100% but we do see 2 CPU's at 50%?

The High CPU Alerts I've used are the ones out of the box with some slight tweaking. I know I could filter out that node with slightly different logic in the alert criteria. I see were this has similarly been asked but my question wasn't particularly addressed by anything I saw on here? 

Any point in the right direction for this SAM Admin would be greatly appreciated!

  • , can you post a couple of screenshots to help paint a visual picture of what you're experiencing? Things like the node's CPU utilization during the triggered false positive and the alert criteria would be beneficial

  • I should have clarified...this isn't an Alerting issue but more of an issue something displaying as critical in our dashboard marked with a Red exclamation point! From what I have been seeing it seems to be the way that SAM looks at the Node. It has 2 CPU's but if one is at 55% and the other 45% it shows as Critical (in Red) at 100%. We are not getting alerted it's just showing as Critical. Our Alert criteria filters out an alerting false positive.

    It's more of an issue of the Node showing as "Critical" in our dashboard which is deceiving. I've tweaked thresholds before for individual Nodes and that didn't seem to resolve much. I always look at the dashboard and if the lights are all green the traps clean!! 

    If you want a screenshot I'll see if I can get one as the issue pops up a bit. Thanks in advance and sorry for the delay. 

  • Seen this on some older windows versions, like 2012. Seems the wmi process spikes when orion asks for info and thus gets high values. Restarting the local wmi service on the node helped sometimes.

  • Thank YOU!! We did a restart of the WMI Service on the Node already

    and yes, it did help. I've also seen where if you remove/add a Node from a Template (IIS AppInsight for example) it seems to resolve the issues when its showing up as false positive but you can see the Services are clearly started etc