Skip to content
Hawk Host Knowledge Base

How to Find What's Causing CloudLinux Resource Limit Issues

When your hosting account hits a resource limit (CPU, memory, entry processes, etc.), CloudLinux automatically captures snapshots of what was happening at that moment. These snapshots help you identify exactly what caused the spike so you can fix the underlying issue.

What Is an Incident?

Section titled “What Is an Incident?”

An incident is created when your account generates multiple resource limit faults within a short time period. If faults occur within 300 seconds (5 minutes) of each other, they are grouped into a single incident. Several snapshots are generated for each incident, giving you a complete picture of what your account was doing when it hit the limit.

Accessing Snapshots

Section titled “Accessing Snapshots”

  1. Log in to cPanel and navigate to Resource Usage (under the Metrics section).

  2. If your account has hit any limits in the past 24 hours, the Dashboard tab will show which limits were reached (CPU, memory, I/O, etc.) along with a Details button:

    Resource Usage dashboard showing limits reached in the past 24 hours

  3. Click the Snapshot tab to view the captured snapshots. Use the date picker and the Choose snapshot dropdown to select the specific incident you want to investigate:

    Snapshot tab showing date picker and snapshot selection with process list

Snapshot Types

Section titled “Snapshot Types”

Each snapshot contains three tabs: Process list, Database Queries, and HTTP Queries.

Process List

Section titled “Process List”

The Process list tab shows all running processes on your account at the time of the incident. Each entry includes the PID (process ID), CMD (the command or script path), CPU usage percentage, and MEM (memory usage). This helps you spot:

  • Long-running or stuck PHP (lsphp) processes
  • Cron jobs consuming excessive resources
  • Which specific scripts under your public_html were executing

HTTP Queries

Section titled “HTTP Queries”

The HTTP Queries tab captures the web requests being processed when the limit was reached. It shows the Method (GET, POST, etc.), Duration (how long the request took), and the URL being accessed:

HTTP Queries tab showing request method, duration, and URL

This helps you identify:

  • Slow requests (look for high Duration values)
  • High-traffic pages or endpoints causing resource spikes
  • Bots or crawlers generating excessive requests
  • Specific PHP scripts (like wp-load.php or wp-cron.php) consuming too many resources

Database Queries

Section titled “Database Queries”

The Database Queries tab captures active MySQL queries at the time of the incident. Each entry shows the CMD (command type), Duration (how long the query ran), and a truncated SQL-query preview. Click Details to view the full query text:

Database Queries tab showing command, duration, SQL query preview, and details link

This helps you identify:

  • Slow or unoptimized database queries (look for high Duration values)
  • Queries missing proper indexes
  • Runaway queries locking tables or consuming excessive resources

Using Snapshots to Troubleshoot

Section titled “Using Snapshots to Troubleshoot”
  1. Start with HTTP Queries — Look for patterns. Is a single URL appearing repeatedly, or is a request taking an unusually long time? That is likely the source of the problem.
  2. Review the Process list — Check which processes were using the most CPU and memory. The CMD column shows the script path, which tells you exactly what was running.
  3. Examine Database Queries — If slow queries appear, consider adding indexes or optimizing the queries shown in the snapshot.

Common Causes Revealed by Snapshots

Section titled “Common Causes Revealed by Snapshots”
What You SeeLikely CauseSuggested Fix
Repeated requests to wp-cron.phpWordPress cron running too frequentlyDisable WP-Cron and use a real cron job
Many requests from bots/crawlersAggressive bot trafficBlock bots via .htaccess
Long-running lsphp processesUnoptimized scripts or pluginsReview and optimize the identified scripts or plugins
Slow SELECT queries on large tablesMissing database indexesAdd indexes to the columns used in WHERE and JOIN clauses
Multiple simultaneous cron jobsOverlapping cron schedulesStagger cron job timing or reduce frequency
Requests to wp-load.php with long durationHeavy WordPress AJAX or plugin activityIdentify the plugin making the request and optimize or replace it
Section titled “Related Articles”