Splunk REST Storage Endpoints - Clarification

AustinAlbrecht
Engager

Hey Answers,

I have an endpoint question if anyone has the knowledge to enlighten me.

I have a client that was designing searches for an admin dashboard and crafted two, based on existing monitoring console ones, to determine the amount of space used in their storage:

One is trying to determine free disk space on a partition and is referencing /services/server/status/partitions-space.
The result is that they’re using 7.5 TB of their 8 TB in the drive.

The other is trying to determine free index space and is referencing /services/data/index-volumes.
The result of that one is that they’re using 5.2 TB of their 8 TB in the drive.

When I log on to the server and do a “df -h”, that drive says it’s using 5.3TB of 8TB allocated, so it seems like the “index-volumes” one is correct, but he’s wondering what the “partitions-space” one is looking at then and where that extra data is coming from.

I’m stumped as I thought that it would be “partitions-space” being hardware level storage and “index-volumes” being the Splunk related storage. Any insight into what the partitions-space one might be doing differently?

Thanks so much,
Austin
