Splunk App for Unix and Linux: How can I make my s...

sushmitha_mj · ‎04-21-2015

I am using the following search for representing usage per mount point. How do I make this a Gauge graph and have one per mount point?

host=$host$ sourcetype="df" earliest=-10m
 | multikv fields Used Avail MountedOn
 | dedup MountedOn
 | eval s = "Used,Available"
 | makemv delim="," allowempty=t s
 | mvexpand s
 | eval Size = if(s=="Used",Used,Avail)
 | convert memk(Size) as Size 
 | chart sum(Size) as "Size in Gb" by s

Also using the Splunk App for Unix and Linux what other interesting search searches could I write?

fdi01 · ‎04-21-2015

try like this :

 host=$host$ sourcetype="df" earliest=-10m
    | multikv fields Used Avail MountedOn
    | dedup MountedOn
    | eval s = "Used,Available"
    | makemv delim="," allowempty=t s
    | mvexpand s
    | eval Size = if(s=="Used",Used,Avail)
    | convert memk(Size) as Size
    | chart sum(Size) as "Size in Gb" by s|gauge  "Size in Gb" 50 100 125 150

this display the "Size in Gb" on a gauge with 4 regions, (0-50, 50-100, 100-125,125-150)

sushmitha_mj · ‎04-21-2015

does not work....
It does not give me four different charts..

gyslainlatsa · ‎04-21-2015

hi
I do not understand your problem but I think this link will help you

http://docs.splunk.com/Documentation/Splunk/6.2.2/SearchReference/Gauge

Splunk App for Unix and Linux: How can I make my search representing memory usage per mount point into a gauge graph?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!