Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Query Mountpoint monitoring via splunk

aparnaa
Path Finder
‎11-05-2016 01:16 AM

Hi All

Can you please let me know if we can monitor mount point via splunk , if yes please let me know what changes are required
OS : Windows

We have mount points in DB servers and want to monitor them also

Thanks,
aparna

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

aparnaa
Path Finder
‎11-05-2016 02:49 AM

I did some more checking and found that because of the below details in input.conf file, mount point details where already showing up
File system names were listed in "instance" field

[perfmon://Free Disk Space]
counters = Free Megabytes;% Free Space
disabled = 0
instances = *
interval = 120
object = LogicalDisk
index = _infra_index

Below query showed free space details
index=infra source="Perfmon:Free Disk Space" instance!=_Total counter="% Free Space"| table host,counter,instance,Value | dedup host,counter,instance,Value | eval Free_space=round(Value,2) | Where Free_space < 25 | rename instance as "Disk Drive" Free_space as "Free Space %" | fields - Value,counter

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

aparnaa
Path Finder
‎11-05-2016 02:49 AM

I did some more checking and found that because of the below details in input.conf file, mount point details where already showing up
File system names were listed in "instance" field

[perfmon://Free Disk Space]
counters = Free Megabytes;% Free Space
disabled = 0
instances = *
interval = 120
object = LogicalDisk
index = _infra_index

Below query showed free space details
index=infra source="Perfmon:Free Disk Space" instance!=_Total counter="% Free Space"| table host,counter,instance,Value | dedup host,counter,instance,Value | eval Free_space=round(Value,2) | Where Free_space < 25 | rename instance as "Disk Drive" Free_space as "Free Space %" | fields - Value,counter

0 Karma
Reply
Solved! Jump to solution

aparnaa
Path Finder
‎11-05-2016 01:51 AM

I found these in my input.conf but wasnt sure which actually monitors mount point
[perfmon://Free Disk Space]
counters = Free Megabytes;% Free Space
disabled = 0
instances = *
interval = 120
object = LogicalDisk
index = infra_index

[perfmon://PhysicalDisk]
counters = Avg. Disk Read Queue Length; Avg. Disk Write Queue Length; Avg. Disk sec/Read; Avg. Disk sec/Write; Avg. Disk Bytes/Read; Avg. Disk Bytes/Write
disabled = 0
instances = _Total
interval = 120
object = PhysicalDisk
index = infra_index

0 Karma
Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...