Solved: Counting open files with lsof in Unix app

timmy13 · ‎03-13-2012

I need a way to determine how many files a particular user has open at any given time. This data exists in the output of the lsof data in the *nix app. BUt since it's one big field, I am unsure of how to parse it to get counts of files by user. Any ideas?

araitz · ‎03-13-2012

Did you try:

index=os sourcetype=lsof | multikv

View solution in original post

harish_l · ‎07-02-2019

what is the maximum ulimit is splunk, by default minimum is 64000. anyone please let me know the maximum ulimit setting?

araitz · ‎03-13-2012

Did you try:

index=os sourcetype=lsof | multikv

timmy13 · ‎03-14-2012

Nice! Sometimes the simplest solution evades me. Thanks!

Counting open files with lsof in Unix app

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Splunk Community Badges!

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Join the Conversation