IO Stats don't work since CDM v5

rickybails · ‎03-28-2019

Since we upgraded our Rubrik cluster to V5, the io stats are all zeros. This is due to a design change in Rubrik, that the io stats are only filled in 5 minute increments and not in real time. They did this to avoid taxing the underlying query engine.

The recommentation from Rubrik's engineering team is... " to query for a longer interval and only extract specific information from it. For example, at 10:00 you can query for the last 10 minutes (range=-10min), and use the oldest 1 minute (09:50 - 09:51) and store this data. Then at 10:01 you would get data for the last 10 minutes and only use 09:51-09:52. And so on... "

I see from the Splunk app's configs that it's set to call the iostats API for the last minute: https://%7b%7brubrik_node%7d%7d/api/internal/cluster/me/io_stats?range=-1min

Can anyone advise how to change the splunk apps' configs so that it will look back say 6 mins but only take the earliest minute of that into splunk, so it loads one minute at a time, with a 5 min lag. I've ask Rubrik engineering what's the minimum lookback we'd need to use to guarantee some data in the earliest min - I'm guessing it's around 6 or 7 mins. Is this sort of setting even user-configurable (i.e. by adding configs to the local dir) or would I have to alter the app files?

rickybails · ‎03-28-2019

I asked Rubrik support to contact the author, who then released a fix for this - now released on Splunkbase as v 1.0.1
I've installed the new version and IO stats are now being collected.

IO Stats don't work since CDM v5

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!