Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Setting up visual for Disk Space or Free Disk Space/Radial Gauge for Disk Space

carlyleadmin
Contributor
‎12-07-2017 10:01 AM

Hi,

This task was harder than i think or i do not know what i am doing(most likely).Basically i want to put up a nice dashboard(radial gauge) where it shows the disk space over time,or real-time.so if i had 200gb space and i have 30gb free would like to show that on the gauge and over time with progress whether that number goes up or down.cpuld be a percentage as well.i hope this makes sense.here is my WMI.conf file

[WMI:LocalPhysicalDiskInfo]
interval = 300
wql = select Name, FreeSpace, Size from Win32_LogicalDisk
disabled = 0
index = main

i guess the first question would be like,do i need additional WQL statements such as percentage disk space etc?

so this is my search query
index="main" sourcetype="wmi:localphysicaldiskinfo" Name="C:" |

and this is what i got in returnalt text

and result would be something like this if it is not too much work.

alt text

Thanks in advance for all your help.

Tags (1)
Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎12-07-2017 10:17 AM

To get %, just do this:

index="main" 
sourcetype="wmi:localphysicaldiskinfo" 
Name="C:"
| eval pct = 100 * FreeSpace / Size

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎12-07-2017 10:17 AM

To get %, just do this:

index="main" 
sourcetype="wmi:localphysicaldiskinfo" 
Name="C:"
| eval pct = 100 * FreeSpace / Size
0 Karma
Reply
Solved! Jump to solution

carlyleadmin
Contributor
‎12-07-2017 10:57 AM

Thanks for the quick response Woodcook. i am running this search now and when i try to put it in visualization but that is not working.can you tell me what i am doing wrong please.would this involve a complex search query to make visualization to work.below post mentions something like this https://answers.splunk.com/answers/568907/visual-chart-for-how-much-free-disk-space-is-avail.html

index="main" sourcetype="WMI:LocalPhysicalDiskInfo" Name="C:"|eval pct = 100 * FreeSpace / Size|timechart span=5m avg(pct) by Name

alt text

alt text

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎12-07-2017 12:31 PM

Try this:

index="main" sourcetype="WMI:LocalPhysicalDiskInfo" Name="C:"
| eval pct = 100 * FreeSpace / Size
| chart avg(pct) by Name

Select Radial Gauge visualization and then select Trellis by Name field.

0 Karma
Reply
Solved! Jump to solution

carlyleadmin
Contributor
‎12-07-2017 01:10 PM

Thanks Woodcock.That was it.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...