Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Alerting
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Alerting
- :
- Re: How to setup email alerts when linux servers a...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to setup email alerts when linux servers are 80% full?
mike000
New Member
04-03-2020
11:05 AM
As always I know you will be able to answer my question.
So using this query:
index=_nix_xxxx sourcetype=df host=abdhw003 OR host=n OR host=n OR host=n or host=n MountedOn="/doc"
| eval TotalGBytes= TotalMBytes/1024 | eval UsedGBytes=UsedMbytes/1024 |eval used_pct=100(UsedGBytes/TotalGBytes)
| stats max(TotalGBytes) as "MaxSize(GB) max(UsedGBytes) as "UsedSize(GB) as "percentUsed" by host, MountedOn
| search PercentUsed>05| Sort PercentUsed
I am able to see the space used by each server, is there a way wherein the dashboard once any server hits 80% or 90% used- the color of that server changes to red and an email is triggered to the support team that a certain server has reached 90% capacity?
Is that a query or something to be parameterized in the dashboard itself? Trying to understand Splunk, I appreciate all the help.
Thanks,
Mike
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
04-03-2020
11:24 AM
Something like this:
index="_nix_xxxx " AND sourcetype="df"
| stats avg(PercentUsedSpace) AS avgPctUsed BY host Filesystem
| eval threshold = case(
match(Filesystem, "foo"), 85,
...
true(), 90)
| where avgPctUsed > threshold
| sort 0 - avgPctUsed
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
mike000
New Member
04-03-2020
01:15 PM
Hi woodcock, thanks for your reply. If I may ask, What will this do? Does this part just change the color or send email trigger? I cant see either in the snippet.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
04-03-2020
01:59 PM
Just save it as an alert, add the alert action of email, done.
Get Updates on the Splunk Community!
Splunk Observability as Code: From Zero to Dashboard
For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...
Shape the Future of Splunk: Join the Product Research Lab!
Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...
