I have an endpoint question if anyone has the knowledge to enlighten me.
I have a client that was designing searches for an admin dashboard and crafted two based on existing monitoring console one to determine amount of space used in their storage:
One is trying to determine free disk space on a partition and is referencing /services/server/status/partitions-space. The result is that they’re using 7.5 TB of their 8 TB’s in the drive.
The other is trying to determine free index space and is referencing /services/data/index-volumes. The result of that one is that they’re using 5.2 TB of their 8 TB’s in the drive.
When I log on to the server and do a “df -h”, that drive says it’s using 5.3TB of 8TB allocated, so it seems like the “index-volumes” one is correct, but he’s wondering what the “partitions-space” one is looking at then and where that extra data is coming from.
I’m stumped as I thought that it would be “partitions-space” being hardware level storage and “index-volumes” being the Splunk related storage. Any insight into what the partitions-space one might be doing differently?