All Apps and Add-ons

disk usage, splunk add on unix

sreesh
New Member

Would like to have chart of the total disk space vs used for all mounts at the current time for a host for comparison.

Would like to have trend chart of the total disk space vs used for all mounts for a host for comparison.

Any suggestions?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi
taking the information about disks from the Splunk_TA_nix you have the following informations:

  • Filesystem
  • Type
  • Size
  • Used
  • Avail
  • UsePct
  • MountedOn

that you can use to do all the comparisons you want.
e.g. the time distribution od UsePct in time so you could trace the UsePct data, something like this:

index=os  sourcetype=df
| multikv 
| timechart span=1h max(UsePct) AS perc By host

Ciao.
Giuseppe

0 Karma

sreesh
New Member

fields: size = 15T, mountedon = /stg UsePct =92%, Used=14T, Avail = 1.4T
the requirement is to have

for each mount, Size and Used space side-by-side column chart or any other chart at any given moment and trend, just for visualization.

I am getting it in table part using
| stats latest(Size) as "TotalStorage" by mount,Used | rename Used as UsedStorage

0 Karma

gcusello
SplunkTrust
SplunkTrust

To have a time distribution, try something like this:

 index=os  sourcetype=df host=your_host
 | multikv 
 | bin span=1h _time
 | stats latest(Size) AS "TotalStorage" latest(Used) AS Used latest(UsePct) AS UsePct by Filesystem _time

Ciao.
Giuseppe

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Do you have total and consumed disk space for all mounts available in Splunk?
What have you tried so far?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...