How to add memory utilization and CLI in top 10 process alert

How to add memory utilization and CLI in top 10 process alert

  • I presume you are talking about the Top 10 menu item under My Dashboards? 

    On that basis, then I have found out that this menu/widget is not editable by us, but there are two (that I can see) possible ways to achieve this. The first is to submit a Feature Request over here: Feature Requests but that is not going to be an immediate help if ever depending on votes, etc...

    The practical way to do this is to utilise a modern dashboard and if you've never done this then start here:  All in on Modern Dashboards written by one of THWACK's MVPs. 

    Our main SolarWinds environment supports multiple clients and one of my first moans about the Top 10 is that I couldn't make it client specific, it was only ever environment wide. Then along came MDs and now I can make as many client specific Top 10's as I like and include the stats I (or more likely, the client) wants to see or have access to.

    All that is to say to you - go down the road of a modern dashboard and add the link to that to your menus... to give you an idea, our menu now shows direct links to some of our most used MDs: (the blanked out bits are client names)

    You can pretty much have the stats you want, for the nodes you want and place them into the current menu system.

  • Am looking for a different solution. Currently, I have a HIGH CPU alert that will generate along with the top 10 processes with its CPU utilization. Similar to that, I need to generate a memory alert with 10 top processes with its memory utilization.

  • Then it sounds to me like you already have the start of your solution. Just duplicate and adapt your current CPU alert to do similar for CPU.

  • Can you share your HIGH CPU alert settings?

  • If we start with the alert action, it shows the following:

    For the alert that displays the top 10 processes, it uses the SolarWinds.APM.RealTimeProcessPoller.exe executable on your SolarWinds server.

    If you navigate to the server and get help (/?) on the program from the CLI, it provides the following:

    SolarWinds.APM.RealTimeProcessPoller.exe -n=<NodeID> [-count=<NumberOfProcesses>] [-sort=<SortBy>] [-timeout=<PollingTimeout>] [-alertid=<AlertID>]
    
    Command line arguments:
    -n - defines ID of a Node (NodeID), which will be polled
    -count - defines number of processes to show
    -sort - defines criteria to use for selection of top processes. Possible values:
            CPU - processor time. This is default value if command line argument is not specified
            PhysicalMemory - process physical memory
            VirtualMemory - process virtual memory
            DiskIO - process disk I/O per second
    
    -timeout - defines timeout for polling in seconds
    -alertid - defines AlertID of associated triggered alert. If this argument is provided, then alert notes are updated with results from polling
    -activeObject - defines ActiveObject property of associated triggered alert. If this argument is not provided, NodeID is used
    
    Example:
        SolarWinds.APM.RealTimeProcessPoller.exe -n=123 -count=20 -sort=VirtualMemory -timeout=300
    
    Example usage from 'Execute an External Program' alert action:
        SolarWinds.APM.RealTimeProcessPoller.exe  -n=${NodeID} -alertid=${N=Alerting;M=AlertID}
    
    Example usage from 'Execute an External Program' alert action - for alert defined for 'Volume' object type:
        SolarWinds.APM.RealTimeProcessPoller.exe -n=${NodeID} -alertid=${N=Alerting;M=AlertID} -activeObject=${NetObjectID} -sort=VirtualMemory
        

    If we go back to the execution of the action, you can see it uses the syntax (converted to multiple lines for reasability):

    SolarWinds.APM.RealTimeProcessPoller.exe
       -n=${NodeID}
       -alert=${N=Alerting;M=AlertDefID}
       -alertId=${N=Alerting;M=AlertID}
    

    Running it with just a node number (-n=1), returns the process list sorted by CPU. (the default)

    System information:
            Processor count: 4
            Total Physical Memory: 13,931,436 kB
            Total Virtual Memory: 31,234,988 kB
            Total Process Count: 201
    
    Name                                            Process ID      CPU
    WmiPrvSE.exe                                    18060           21.35 %
    lsass.exe                                       800             4.18 %
    conhost.exe                                     15468           2.66 %
    svchost.exe                                     2664            1.9 %
    MsMpEng.exe                                     2256            1.29 %
    SWJobEngineWorker2x64.exe                       10616           0.99 %
    erl.exe                                         4420            0.68 %
    SWJobEngineSvc2.exe                             4796            0.68 %
    svchost.exe                                     468             0.61 %
    SolarWinds.InformationService.ServiceV3.exe     5728            0.53 %
    

    It can also be sorted other ways by adding in the -sort parameter.  Below, I run it with -sort=PhysicalMemory.

    System information:
            Processor count: 4
            Total Physical Memory: 14,246,828 kB
            Total Virtual Memory: 31,550,380 kB
            Total Process Count: 204
    
    Name                                                    Process ID      Physical Memory
    w3wp.exe                                                3968            1,121,204 kB
    SolarWinds.BusinessLayerHost.exe                        3316            974,988 kB
    SolarWinds.InformationService.ServiceV3.exe             5728            686,744 kB
    SolarWinds.Collector.Service.exe                        2960            620,740 kB
    SolarWinds.ServiceHost.Process.exe                      2236            316,732 kB
    MsMpEng.exe                                             2256            315,396 kB
    SolarWinds.Administration.exe                           2880            303,608 kB
    SolarWinds.BusinessLayerHost.exe                        10388           299,468 kB
    SWJobEngineWorker2x64.exe                               10616           237,004 kB
    NetFlowService.exe                                      14796           210,284 kB

    It can also be run with DiskIO or VirtualMemory as a sort parameter.

    The most important part in the Alert Action is to provide an Alert and an AlertID as parameters.  Why?

    This is alert has escalations:

    When the High CPU is detected, it runs the SolarWinds.APM.RealTimeProcessPoller.exe executable which stores the results in the Alert Notes for that triggered alert (because we included the Alert and AlertID as parameters).

    The second escalation (which executes 2 minutes after the first) is what actually sends the email to the parties.  One of the variables in that message is the notes, updated in the previous escalation.

    You can do the same thing for memory, virtual memory, and disk IO - just be sure to change the language and the alert triggers to match what's being expected.