Understanding and Monitoring CPU Steal Time in Virtual Machines

CPU Steal Time is a performance metric displayed by the GNU top command, often showing a value of 0 or very low on physical machines, but it becomes important to monitor on virtual machines where the metric can indicate resource contention.

The top output includes a %Cpu(s) line whose last field, labeled st , represents the steal‑time percentage; screenshots in the original article illustrate how this value appears at the end of the line.

In a virtualized environment, the hypervisor schedules multiple guest VMs on shared physical CPU resources. When the hypervisor allocates CPU time to other VMs or its own management processes, the guest VM’s vCPU may be forced to wait, and this waiting time is reported as steal time.

High steal time can arise from over‑allocation of CPU resources, VM migration to another host, or sustained heavy load on neighboring VMs. When the metric stays above 10 % for an extended period (e.g., 30 minutes), it signals that the guest VM is being starved of CPU cycles.

To assess the situation, treat steal time below 10 % as normal. If it exceeds this threshold, consider increasing the CPU quota for the VM, migrating the VM to a less loaded host, or using a dedicated (exclusive) cloud instance for latency‑sensitive workloads.

The article concludes with a call to like, share, and follow the author for more technical content.