Hello. New user here, trying to get my feet wet with Splunk. I have many years experience with virtualization, and I've spent a few months getting familiar with Docker containers. I have an ESXi 6.0 host running a couple dozen VMs in my home lab, and I've got a half dozen new-ish VMs running Photon 3.0 (VMWare's super-slim Linux Docker container appliance install) with various containers running. For my first step into Splunk, I'd like to deploy the Splunk container (done), and I'd like to configure it to simply monitor disk space usage and send me an email when I start to run out.

Per my reading over the last hour I am aware from a few threads that Splunk is way more capable than such a simple thing, but right now all the potential has proven to be overwhelming. So far I've been able to Add Data, Monitor, and select a folder, but beyond that everything is asking for more information than I know to give it, and all I really want right now is the output of a "df" command. Can someone walk me through the simple method to 'do the thing' as opposed to the tutorial describing the millions of things I could be doing with the product?