Solved: Create Splunk Storage (Disk Space) Capacity Alarm...

shakeel253 · ‎10-18-2017

The OS I am currently using is Redhat, i need help with the query that sends an alert if the DiskSpace goes over 70 percent

host="MONGO" sourcetype=df

richgalloway · ‎10-18-2017

Try this search. Schedule it to run at some interval (hourly, for example). Set the alert to trigger when the number of results is not zero.

host="MONGO" sourcetype=df | multikv fields Filesystem Type Size Used Avail UsePct MountedOn | convert auto(UsePct) | where UsePct>95

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎10-18-2017

Try this search. Schedule it to run at some interval (hourly, for example). Set the alert to trigger when the number of results is not zero.

host="MONGO" sourcetype=df | multikv fields Filesystem Type Size Used Avail UsePct MountedOn | convert auto(UsePct) | where UsePct>95

---
If this reply helps you, Karma would be appreciated.

kiril123 · ‎10-18-2017

Go to Settings -> Monitoring console -> Settings -> Alerts Setup. Then select and configure the following:

DMC Alert - Near Critical Disk Usage

shakeel253 · ‎10-18-2017

thank you for the response, but i need a Splunk Query which can be changed to Alert

Create Splunk Storage (Disk Space) Capacity Alarm (Alert)