https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Alert-for-disk-space-usage/m-p/336065#M3028 <P>I have a query that monitors DiskSpace usage and sends out alert if the diskspace goes up more then 80 percent. My Splunk account has a limit on realtime alert and i have more then 1 mongo servers so I tried using host "mongo*" since they are Mongo1, mongo2 ..<BR /> so this way I have just 1 alert for all the mongo server.</P> <P>The alert works corrects but I get lot of emails about different servers.; I need a configuration or a query where I get just 1 alert which shows all the mongo servers that surpass 80 percent threshold instead of 10 different email.</P> <P>Can someone help???</P> <P>below is the query that I am using</P> <PRE><CODE>host="MONGO*" sourcetype=df | multikv fields Filesystem Type Size Used Avail UsePct MountedOn | convert auto(UsePct) | where UsePct&gt;80 </CODE></PRE> Mon, 11 Dec 2017 17:07:23 GMT shakeel253 2017-12-11T17:07:23Z https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Alert-for-disk-space-usage/m-p/336065#M3028 <P>I have a query that monitors DiskSpace usage and sends out alert if the diskspace goes up more then 80 percent. My Splunk account has a limit on realtime alert and i have more then 1 mongo servers so I tried using host "mongo*" since they are Mongo1, mongo2 ..<BR /> so this way I have just 1 alert for all the mongo server.</P> <P>The alert works corrects but I get lot of emails about different servers.; I need a configuration or a query where I get just 1 alert which shows all the mongo servers that surpass 80 percent threshold instead of 10 different email.</P> <P>Can someone help???</P> <P>below is the query that I am using</P> <PRE><CODE>host="MONGO*" sourcetype=df | multikv fields Filesystem Type Size Used Avail UsePct MountedOn | convert auto(UsePct) | where UsePct&gt;80 </CODE></PRE> Mon, 11 Dec 2017 17:07:23 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Alert-for-disk-space-usage/m-p/336065#M3028 shakeel253 2017-12-11T17:07:23Z https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Alert-for-disk-space-usage/m-p/336066#M3029 <P>You can run a search and output it to a table with whatever fields you want to display and alert on</P> <P><CODE>host="MONGO*" sourcetype=df | multikv fields Filesystem Type Size Used Avail UsePct MountedOn | convert auto(UsePct) | where UsePct&gt;80 | table host Filesystem Type Size Used Avail UsePct MountedOn</CODE></P> <P>When you save this search as an alert set your trigger conditions to:<BR /> - Number of Results is greater than 0<BR /> - Trigger Once</P> Mon, 11 Dec 2017 17:53:43 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Alert-for-disk-space-usage/m-p/336066#M3029 rphillips_splk 2017-12-11T17:53:43Z https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Alert-for-disk-space-usage/m-p/336067#M3030 <P>thank you the query worked</P> Tue, 12 Dec 2017 19:32:30 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Alert-for-disk-space-usage/m-p/336067#M3030 shakeel253 2017-12-12T19:32:30Z