Monitoring Splunk
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- Re: Query Mountpoint monitoring via splunk
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aparnaa
Path Finder
11-05-2016
01:16 AM
Hi All
Can you please let me know if we can monitor mount point via splunk , if yes please let me know what changes are required
OS : Windows
We have mount points in DB servers and want to monitor them also
Thanks,
aparna
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aparnaa
Path Finder
11-05-2016
02:49 AM
I did some more checking and found that because of the below details in input.conf file, mount point details where already showing up
File system names were listed in "instance" field
[perfmon://Free Disk Space]
counters = Free Megabytes;% Free Space
disabled = 0
instances = *
interval = 120
object = LogicalDisk
index = _infra_index
Below query showed free space details
index=infra source="Perfmon:Free Disk Space" instance!=_Total counter="% Free Space"| table host,counter,instance,Value | dedup host,counter,instance,Value | eval Free_space=round(Value,2) | Where Free_space < 25 | rename instance as "Disk Drive" Free_space as "Free Space %" | fields - Value,counter
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aparnaa
Path Finder
11-05-2016
02:49 AM
I did some more checking and found that because of the below details in input.conf file, mount point details where already showing up
File system names were listed in "instance" field
[perfmon://Free Disk Space]
counters = Free Megabytes;% Free Space
disabled = 0
instances = *
interval = 120
object = LogicalDisk
index = _infra_index
Below query showed free space details
index=infra source="Perfmon:Free Disk Space" instance!=_Total counter="% Free Space"| table host,counter,instance,Value | dedup host,counter,instance,Value | eval Free_space=round(Value,2) | Where Free_space < 25 | rename instance as "Disk Drive" Free_space as "Free Space %" | fields - Value,counter
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aparnaa
Path Finder
11-05-2016
01:51 AM
I found these in my input.conf but wasnt sure which actually monitors mount point
[perfmon://Free Disk Space]
counters = Free Megabytes;% Free Space
disabled = 0
instances = *
interval = 120
object = LogicalDisk
index = infra_index
[perfmon://PhysicalDisk]
counters = Avg. Disk Read Queue Length; Avg. Disk Write Queue Length; Avg. Disk sec/Read; Avg. Disk sec/Write; Avg. Disk Bytes/Read; Avg. Disk Bytes/Write
disabled = 0
instances = _Total
interval = 120
object = PhysicalDisk
index = infra_index
Get Updates on the Splunk Community!
Manual Instrumentation with Splunk Observability Cloud: The What and Why
If you've ever worked with distributed systems, you’ve likely felt the pain of a frontend throwing errors, ...
Full-Stack Security in Financial Services: AppDynamics, Cisco Secure Application, and ...
Full-Stack Security in Financial Services: AppDynamics, Cisco Secure Application, and Splunk ES
Protecting a ...
It's Customer Success Time at .conf25
Hello Splunkers,
Ready for .conf25? The customer success and experience team is and can’t wait to see you ...
