Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- Re: monitor inode useage
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there any possible solution to monitor the inode usage of linux system in Splunk?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you need to install an Add-on for Linux and modify/copy its df.sh script, change
CMD='df -TPh'
to
CMD='df -TPhi'
you can remove -h parameter too.
Output will be:
Filesystem Type Size Used Avail UsePct MountedOn
/dev/sda1 ext4 57G 19G 35G 36% /
and without -h:
Filesystem Type Size Used Avail UsePct MountedOn
/dev/sda1 ext4 7627488 104349 7523139 2% /
you can modify the FORMAT and HEADER variables in df.sh further to show Inodes/IUsed/IFree/IUse% instead of Size/Used/Avail/UsePct
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you need to install an Add-on for Linux and modify/copy its df.sh script, change
CMD='df -TPh'
to
CMD='df -TPhi'
you can remove -h parameter too.
Output will be:
Filesystem Type Size Used Avail UsePct MountedOn
/dev/sda1 ext4 57G 19G 35G 36% /
and without -h:
Filesystem Type Size Used Avail UsePct MountedOn
/dev/sda1 ext4 7627488 104349 7523139 2% /
you can modify the FORMAT and HEADER variables in df.sh further to show Inodes/IUsed/IFree/IUse% instead of Size/Used/Avail/UsePct
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@PavelP Thanks a lot, that works like a charm!!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you @Vinesh93 , please accept the answer as solution so everybody can benefit from it
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
