Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create Reports of Memory and Diskspace?

Germaine1989
Engager
‎08-02-2022 01:02 AM

 Hello,

I want to have the possibility to create reports of the diskspace and/or memory from my machine.

How can i set-up this?

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-02-2022 01:11 AM

Hi @Germaine1989,

you have to install the Splunk_TA_Windows (https://splunkbase.splunk.com/app/742) or the Splunk_TA-nix (https://splunkbase.splunk.com/app/833/) depending on the Operative System You have, enabling the required input stanza.

then you have to create a search displaying the information.

For Windows RAM:

index=windows sourcetype=WinHostMon Type=OperatingSystem
| eval host=upper(host)
| dedup host 
| sort host 
| eval 
   FreePhysicalMemoryGB=FreePhysicalMemoryKB/1024/1024,
   FreeVirtualMemoryGB=FreeVirtualMemoryKB/1024/1024,
   TotalPhysicalMemoryGB=TotalPhysicalMemoryKB/1024/1024,
   TotalVirtualMemoryGB=TotalVirtualMemoryKB/1024/1024,
   Virtual_mem_free_percent=FreeVirtualMemoryKB/TotalVirtualMemoryKB*100
| table FreePhysicalMemoryGB TotalPhysicalMemoryGB mem_free_percent FreeVirtualMemoryGB TotalVirtualMemoryGB Virtual_mem_free_percent  
| rename FreePhysicalMemoryGB AS "Free Physical Memory" TotalPhysicalMemoryGB AS "Total Physical Memory" mem_free_percent AS "Free Physical Memory%" FreeVirtualMemoryGB AS "Free Virtual Memory" TotalVirtualMemoryGB AS "Total Virtual Memory" Virtual_mem_free_percent AS "Free Virtual Memory%"

For Windows Disk:

index=windows sourcetype=WinHostMon Type=Disk
| eval host=upper(host)
| dedup Name 
| sort Name 
| eval 
   storage=storage/1024,
   storage_free=storage_free/1024,
   storage_used=storage_used/1024,
   storage_free_perc=storage_free/storage*100
| table Name DriveType FileSystem storage storage_free storage_used storage_free_perc
| rename storage AS "Disk Space" storage_free AS "Free Disk Space" storage_used AS "Used Disk Space" storage_free_perc AS "Free Disk Space %

For Linux RAM:

index=os sourcetype=hardware
| dedup host 
| eval MEMORY_REAL=MEMORY_REAL/1024/1024, MEMORY_SWAP=MEMORY_SWAP/1024/1024, host=upper(host)
| lookup Server host OUTPUT IP Tipologia
| table IP Tipologia CPU_TYPE CPU_COUNT CPU_CACHE MEMORY_REAL MEMORY_SWAP fd0 hdc sda 
| rename CPU_TYPE AS CPU CPU_COUNT AS "Number of CPUs" CPU_CACHE AS Cache MEMORY_REAL As RAM MEMORY_SWAP AS Swap HARD_DRIVES AS "Hard Disks" fd0 AS "Floppy Disk" hdc AS "Hard Disk" sda AS "Virtual disk"

For Linux Disks:

index=os  sourcetype=df
| dedup host 
| multikv 
| table Filesystem Type Size Used Avail UsePct MountedOn

Anyway, the starting point is the TA to extract data.

Ciao.

Giuseppe

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-02-2022 01:23 AM

Hi @Germaine1989,

display in a table the results you have, e.g. taking the last one:

index=os  sourcetype=df
| multikv 
| table _time Filesystem Type Size Used Avail UsePct MountedOn

if they are too many and you want an average, you can use stats, something like this:

index=os  sourcetype=df
| multikv 
| bin span=1d _time
| stats earliest(_time) AS _time values(Type) AS Type avg(Size9 AS Size avg(Used) AS Used avg(Avail) AS Avail avg(UsePct) AS UsePct values(MountedOn) AS MountedOn BY Filesystem

As I said the most important thing is the data input.

Ciao.

Giuseppe

0 Karma
Reply

Germaine1989
Engager
‎08-02-2022 01:17 AM

Thanks Giuseppe,

I like to create a report of the last month showing me the used diskspace or RAM.
Where can i implement such a thing?

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...