Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Disk Reporting Incorrect

trevor_dunstan8
Explorer
‎10-13-2020 08:56 PM

Hi all,

I am running a Splunk 7.3.0 distributed / clustered environment and I have noticed that the DMC is reporting that disk usage on my indexers is high ie around the 85% mark, however Windows Server 2016 says that it is around 65% as per attached screenshot. Its mainly the F drive as far as I can tell.

Disk usage was high previously however I then implemented retention policies on the indexes which cleared out a large amount of data, is it possible the DMC is caching an old value and is not updating ? I have restarted the Cluster master node and we have rebooted the index cluster since then I believe.

 

Any info would be great,

 

Thanks 

Labels (2)
Labels
Preview file
16 KB
0 Karma
Reply

trevor_dunstan8
Explorer
‎10-14-2020 06:50 PM

I thought that the Indexing cluster had been restarted but obviously not, storage figures reported correctly in DMC after cluster restart

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎10-13-2020 10:58 PM
At lest in linux version you must restart splunk after you have added/increased FS/LVM/Disks. Without restart REST queries didn't show those correctly.
r. Ismo
0 Karma
Reply

trevor_dunstan8
Explorer
‎10-14-2020 06:23 PM

We haven't extended the disks on the servers so that solution doesn't apply to us.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...