How to get top 5 processes and attach on Alarm message (notes)

Document ID : KB000009658
Last Modified Date : 03/05/2018
Show Technical Document Details

This document is designed to describe how to get top “5” process from Windows or Linux operational system when any alarm related to CPU utilization occur and attach the output on alarm notes.

This can be useful if you need to improve monitoring capability creating automation level on the event management process adding value to operators and event escalation.

Windows 2008 / 2012 32bit or 64bitUnix / Linux 32bit - 64 bit

Nimbus robot 7.61 or later must be installed on the target server where the “top cpu” will be collected.

Probes needs to be installed:

Nexec v1.35 or later

CDM v5.21 or later


Step 1 – Configure the LUA script

Step 2 – Configure nexec probe

Step 3 – Create auto operator (AO) profile

Step 4 - Perform a LAB test


Step 1 – Configure the LUA script

Open the NAS probe on the primary hub, click the Auto-Operator tab and click Scripts tab.

Right click on the blank field and click New/Script as you can see below, the new Script popup will show as below.


Paste this content inside the top blank field:


New Script NAS.bmp


-- require ("JMC/remko-lib")

-- Get the alarm object






 a=alarm.get ()

-- Extract the NimID from the alarm object

--nimid = a

--for i,a in pairs(al) do

--   print ("teste ",a.sid," ",a.nimid," ",a.hostname," ",a.severity," ",a.message)

nimid = a.nimid


-- Extract the address details from the alarm object

domain = a.domain

hub = a.hub

robot = a.robot


-- Construct the address as /domain/hub/robot/probe

addr="/" .. a.domain .. "/" .. a.hub .. "/" .. a.hostname .. "/nexec"


-- Create a PDS object to use to send details

pdsIn = pds.create()


-- Add a string key/value pair to the PDS to tell the probe which profile to run



-- Run the “run_profile” callback of the nexec probe

outTable = nimbus.request(addr,"run_profile",pdsIn)


-- Take the “stdout” parameter from the returned table

stdout = outTable['stdout']


-- Create a new PDS to use to construct a note

notePds = pds.create()


-- Add key/value pairs to the PDS to define the NimID, Description and body


pds.putString(notePds,"description","Output from Exec")



-- Run the “note_attach” callback of NAS to attach a note to the NimID



Lua Script on NAS.bmp

The LUA script is appropriate to extract information from alarms and construct a path to call back probe in context. Variables are created to put this script running in any situation, the only static information you should check and is related to the “nexec” probes is the profile name (get_top_process). 


Step 2 – Configure and test nexec probe

Active: check box the field

Name: get_top_process

Command: powershell

Argument: -command "Get-Process | Select-Object name, CPU | sort CPU | select -last 5"


ACL required: Available to all

See the print screen below:

Nexec profile configuration.bmp

If you want to use in Linux on the Command you must set: PS

and have a command like this:

ps -Ao user,uid,comm,pid,pcpu,tty --sort=-pcpu | head -n 6


Now run the test and check if top 5 process are showing on Stdout window.

Click the Start tab as below:

Start tab on the nexec.bmp

The Run profile popup will show up, click the Run botton and see the results as below:

Run profile output.bmp

At this result you can see the top process are spooler, lsass, java, controller and rsp.


Step 3 – Create auto operator (AO) profile

Create_auto operator (AO) profile.bmp


Step 4 – Perform a LAB test 

For tests purpose, please change the threshold for Low alarm to 1% and it should generate an alarm information alarm. This information alarm will “trigger” the AO profile and run the script.

CDM low threshold.bmp

Click_on the notes botton on the alarm test.bmp



After you configure this steps you will be able to see a alarm with top 5 process with CPU usage, if you want you can increase or lower the number on the powershell command, you can adjust whatever you need.

This call back with a small adjust you can use for other probes you just need to understand the process and you can work with others alarms and probe.