multikv extraction fails when table contains empty fields

Explorer

Hi,

I am trying to use multikv to parse the output of df.sh, which is part of the *nix application. On Solaris, the output of df.sh looks like this:

Filesystem                                          Type              Size        Used       Avail      UsePct    MountedOn
/dev/md/dsk/d15                                     ufs               9.6G        3.8G        5.7G         40%    /
sharefs                                             sharefs             0K          0K          0K          0%    /etc/dfs/sharetab
10.173.22.82:/vol/vf_slog_lons01_logs_vol01/archive_q01                    1.5T        1.3T        214G         86%    /logpool/logs/archive_global

Using multikv against this table results in the following mapping for the last line (NFS mount), due to an empty/null entry for Type:

Filesystem: 10.173.22.82:/vol/vf_slog_lons01_logs_vol01/archive_q01
Type: 1.5T
Size: 1.3T
Used: 214G
Avail: 86%
UsePct: /logpool/logs/archive_global
MountedOn: <null>

All other rows extract correctly, given that they have a value for Type.

So, how can I get multikv to extract the fields correctly for all rows?

Regards,
Brett.

Contributor

Hi

Is there any workaround in multikv.conf? Columns with missing values are being assigned values from the next header with values.

Subsystem/Job User Number User Type Pool Pty CPU Int Rsp AuxIO CPU% Function Status Threads
JDENET_K ONEWORLD 01267 ONEWORLD BCI 8 20 15884.2 1 1.9 jvmStart DEQW 33
QSRVERR QUSER 00129 ONEWORLD PJ 2 20 18277.8 3832 .9 CNDW 1

Int & Rsp are blank & get the values of AuxIO & CPU% respectively.

0 Karma

Splunk Employee

This looks like a bug in df.sh on Solaris. What specific version of Solaris? Let us know and we will try to fix.

0 Karma

Splunk Employee

Thanks, I have filed NIX-317 and will update you when I have more information on the fix. It seems like we can just put "null" in the type column when we aren't able to discern the fs type.

0 Karma

Explorer

And df.sh:

% df.sh
Filesystem Type Size Used Avail UsePct MountedOn
/dev/md/dsk/d15 ufs 9.6G 3.8G 5.7G 41% /
10.173.22.82:/vol/vf_slog_lons01_logs_vol01/archive_q01 1.5T 1.3T 205G 87% /logpool/logs/archive_global

0 Karma

Explorer

Solaris 10. Here is some (edited) output, due to the character limit of replies.

% df -n
/ : ufs
/logpool/logs/archive_global: nfs

% df -h
Filesystem size used avail capacity Mounted on
/dev/md/dsk/d15 9.6G 3.8G 5.7G 41% /
10.173.22.82:/vol/vf_slog_lons01_logs_vol01/archive_q01
1.5T 1.3T 205G 87% /logpool/logs/archive_global

If I can ever get this site to let me post the full output, I will.

Rgds,
Brett.

0 Karma
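One way to apply the "null" placeholder suggested earlier in the thread before multikv sees the table, filling in the real type from `df -n` when that output is available. This is an added example, not code from any poster or from the *nix app; the function names are hypothetical, the sample input is constructed from the output quoted in the thread, and it assumes mount points contain no whitespace.

```python
# Added example. Sample text is constructed from the output quoted in this thread.
HEADER = ["Filesystem", "Type", "Size", "Used", "Avail", "UsePct", "MountedOn"]

DF_SH = """\
Filesystem Type Size Used Avail UsePct MountedOn
/dev/md/dsk/d15 ufs 9.6G 3.8G 5.7G 41% /
10.173.22.82:/vol/vf_slog_lons01_logs_vol01/archive_q01 1.5T 1.3T 205G 87% /logpool/logs/archive_global
"""

DF_N = """\
/ : ufs
/logpool/logs/archive_global: nfs
"""


def parse_df_n(text):
    """Map mount point -> filesystem type from `df -n` lines ("mount : type")."""
    types = {}
    for line in text.splitlines():
        mount, sep, fstype = line.rpartition(":")
        if sep and mount.strip() and fstype.strip():
            types[mount.strip()] = fstype.strip()
    return types


def normalize(df_text, fs_types=None):
    """Return one dict per data row, each with all seven header fields."""
    fs_types = fs_types or {}
    rows = []
    for line in df_text.splitlines()[1:]:  # first line is the header
        tok = line.split()
        if not tok:
            continue  # ignore blank lines
        if len(tok) == len(HEADER) - 1:
            # Type is missing, so every later value sits one column too far left.
            # The mount point is still the last token: use it to look up the type,
            # and fall back to the literal "null" placeholder otherwise.
            tok.insert(1, fs_types.get(tok[-1], "null"))
        # UsePct must land in its own column; anything else is a row we cannot repair.
        if len(tok) != len(HEADER) or not tok[5].endswith("%"):
            raise ValueError(f"unparseable df row: {line!r}")
        rows.append(dict(zip(HEADER, tok)))
    return rows


def render(rows):
    """Re-emit a whitespace-separated table with no empty cells."""
    lines = [" ".join(HEADER)]
    lines += [" ".join(r[h] for h in HEADER) for r in rows]
    return "\n".join(lines)
```

Rows that cannot be brought to seven fields raise an error rather than being indexed with shifted values, so a silent mis-mapping like the one in the question shows up as a failed input instead.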

Champion

Could you please post the search query used? I have checked multikv was working ...

0 Karma