topic Re: How do you create an alert for disk usage? in Monitoring Splunk

How do you create an alert for disk usage?

maryamchar — Mon, 15 Oct 2018 22:10:23 GMT

Hello,
Is there a way to have a query in a dashboard that sends me notification when the storage space reaches a certain amount such as 70 % of storage used?

I know there is a way in the setting to enable that by going to Monitor console and alert setup -> DMC alert -> near critical disk usage. But i want to have a query instead in a dashboard that sends me an alarm too.

I'm using Splunk Enterprise search and reporting.

Thank you in advance!

Re: How do you create an alert for disk usage?

skoelpin — Mon, 15 Oct 2018 22:34:00 GMT

If you want the alert then why not just grab the SPL from the DMC and create an alert off it?

Re: How do you create an alert for disk usage?

maryamchar — Mon, 15 Oct 2018 22:50:40 GMT

Because that's part of setting it didn't show me the SPL. So i'm trying to write an SPL like the DMC and create alert. Is there any easy other way ?? Thank you!

Re: How do you create an alert for disk usage?

twh1 — Tue, 16 Oct 2018 11:34:08 GMT

Hi @maryamchar ,
You can use the below query to set-up the alert.

index=foo "search string"  | where stoarge_field > 70

Re: How do you create an alert for disk usage?

skoelpin — Tue, 16 Oct 2018 13:52:59 GMT

Here ya go. You just need to include your host value

(index=_introspection sourcetype=splunk_disk_objects component=Partitions "data.mount_point"="/opt/splunk" host=<YOUR HOST> ) 
| eval free=if(isnotnull('data.available'),'data.available','data.free'), usage=round((('data.capacity' - free) / 1024),2), capacity=round(('data.capacity' / 1024),2) 
| timechart minspan=10min latest(capacity) as Capacity Median(usage) as Usage

Re: How do you create an alert for disk usage?

maryamchar — Tue, 16 Oct 2018 14:37:32 GMT

Thank you! it did not show any results 😞 is there another way to check ?

Re: How do you create an alert for disk usage?

maryamchar — Tue, 16 Oct 2018 14:38:06 GMT

Thank you! It didn't work for me even when i changed the % from 70 to 20

Re: How do you create an alert for disk usage?

skoelpin — Tue, 16 Oct 2018 14:41:11 GMT

Did you change host=<YOUR HOST> to your host value?

It works on my end when I change it to a host in my env

Re: How do you create an alert for disk usage?

maryamchar — Tue, 16 Oct 2018 14:55:12 GMT

Yes i did change it to my host and still didn't give me any results. Thank you for help

Re: How do you create an alert for disk usage?

skoelpin — Tue, 16 Oct 2018 15:02:14 GMT

Post your query...

Re: How do you create an alert for disk usage?

avoelk — Thu, 09 Sep 2021 09:55:34 GMT

this is an old topic but, for everyone who is searching for this, there are two possible reasons why this search doesn't function:

- difference in mount_point

- forgot to put in a host value

for me it was both. it works