Hey Answers,

I have an endpoint question if anyone has the knowledge to enlighten me.

I have a client that was designing searches for an admin dashboard and crafted two based on existing monitoring console one to determine amount of space used in their storage:

One is trying to determine free disk space on a partition and is referencing /services/server/status/partitions-space.
The result is that they’re using 7.5 TB of their 8 TB’s in the drive.

The other is trying to determine free index space and is referencing /services/data/index-volumes.
The result of that one is that they’re using 5.2 TB of their 8 TB’s in the drive.

When I log on to the server and do a “df -h”, that drive says it’s using 5.3TB of 8TB allocated, so it seems like the “index-volumes” one is correct, but he’s wondering what the “partitions-space” one is looking at then and where that extra data is coming from.

I’m stumped as I thought that it would be “partitions-space” being hardware level storage and “index-volumes” being the Splunk related storage. Any insight into what the partitions-space one might be doing differently?

Thanks so much,
Austin