search cancel

How to get top 5 processes and attach on Alarm message (notes)


Article ID: 9658


Updated On:


DX Unified Infrastructure Management (Nimsoft / UIM)


This document is designed to describe how to get top “5” process from Windows or Linux operational system when any alarm related to CPU utilization occur and attach the output on alarm notes.

This can be useful if you need to improve monitoring capability creating automation level on the event management process adding value to operators and event escalation.


Windows 2008 / 2012 32bit or 64bit

Unix / Linux 32bit - 64 bit


Nimbus robot 7.61 or later must be installed on the target server where the “top cpu” will be collected.

Probes needs to be installed:

Nexec v1.35 or later

CDM v5.21 or later


Step 1 – Configure the LUA script

Step 2 – Configure nexec probe

Step 3 – Create auto operator (AO) profile

Step 4 - Perform a LAB test


Step 1 – Configure the LUA script:

Open the NAS probe on the primary hub, click the Auto-Operator tab and click Scripts tab.

Right-click on the blank field and click New/Script as you can see below, the new Script popup will show as below.

Paste this content inside the top blank field:


-- require ("JMC/remko-lib")

-- Get the alarm object





a=alarm.get ()

-- Extract the NimID from the alarm object

--nimid = a

--for i,a in pairs(al) do

--   print ("teste ",a.sid," ",a.nimid," ",a.hostname," ",a.severity," ",a.message)

nimid = a.nimid


-- Extract the address details from the alarm object

domain = a.domain

hub = a.hub

robot = a.robot


-- Construct the address as /domain/hub/robot/probe

addr="/" .. a.domain .. "/" .. a.hub .. "/" .. a.hostname .. "/nexec"


-- Create a PDS object to use to send details

pdsIn = pds.create()


-- Add a string key/value pair to the PDS to tell the probe which profile to run



-- Run the “run_profile” callback of the nexec probe

outTable = nimbus.request(addr,"run_profile",pdsIn)


-- Take the “stdout” parameter from the returned table

stdout = outTable['stdout']


-- Create a new PDS to use to construct a note

notePds = pds.create()


-- Add key/value pairs to the PDS to define the NimID, Description and body


pds.putString(notePds,"description","Output from Exec")



-- Run the “note_attach” callback of NAS to attach a note to the NimID




The LUA script is appropriate to extract information from alarms and construct a path to call back probe in context. Variables are created to put this script running in any situation, the only static information you should check and is related to the “nexec” probes is the profile name (get_top_process). 


Step 2 – Configure and test nexec probe:

Active: check box the field

Name: get_top_process

Command: powershell

Argument: -command "Get-Process | Select-Object name, CPU | sort CPU | select -last 5"

ACL required: Available to all

See the print screen below:


If you want to use in Linux on the Command you must set: PS

and have a command like this:

ps -Ao user,uid,comm,pid,pcpu,tty --sort=-pcpu | head -n 6


Now run the test and check if top 5 process are showing on Stdout window.

Click the Start tab as below:

The Run profile popup will show up, click the Run button, and see the results as below:

At this result, you can see the top process are spooler, lsass, java, controller and rsp.


Step 3 – Create auto operator (AO) profile:



Step 4 – Perform a LAB test:

For tests purpose, please change the threshold for Low alarm to 1% and it should generate an alarm information alarm. This information alarm will “trigger” the AO profile and run the script.


After you configure this steps you will be able to see a alarm with top 5 process with CPU usage, if you want you can increase or lower the number on the powershell command, you can adjust whatever you need.

This call back with a small adjust you can use for other probes you just need to understand the process and you can work with others alarms and probe.


1558703314415000009658_sktwi1f5rjvs16lab.bmp get_app
1558703312422000009658_sktwi1f5rjvs16laa.bmp get_app
1558703310015000009658_sktwi1f5rjvs16la9.bmp get_app
1558703308083000009658_sktwi1f5rjvs16la8.bmp get_app
1558703306019000009658_sktwi1f5rjvs16la7.bmp get_app
1558703303959000009658_sktwi1f5rjvs16la6.bmp get_app
1558703302159000009658_sktwi1f5rjvs16la5.bmp get_app
1558703300208000009658_sktwi1f5rjvs16la4.bmp get_app
1558703297923000009658_sktwi1f5rjvs16la3.bmp get_app