The deployment health for my Splunk containers constantly appears yellow because of triggered IO wait alerts single_cpu__max_perc_last_3m and sum_top3_cpu_percs__max_last_3m. This occurs even when the containers are idle, not processing data or serving searches. I suspect that this alert is reading the iowait % for all cores on the host, instead of only those allocated to the container. If that's the case, this might not be the most useful signal for containerized deployments. Is it appropriate to entirely disable the IOWait health alerts for docker-splunk instances?
The deployment health for my Splunk containers constantly appears yellow because of triggered IO wait alerts
single_cpu__max_perc_last_3mandsum_top3_cpu_percs__max_last_3m. This occurs even when the containers are idle, not processing data or serving searches. I suspect that this alert is reading the iowait % for all cores on the host, instead of only those allocated to the container. If that's the case, this might not be the most useful signal for containerized deployments. Is it appropriate to entirely disable the IOWait health alerts for docker-splunk instances?