Reporting

Reporting On Specific Servers

itsomana
Path Finder

Splunk is indexing performance data for % disk space free for production and development linux and windows servers. I have two saved search which reports where % disk space is less than 10% for Windows and Linux.

The Production servers would have a different IP address range to that of the development servers.

I need to now refine the saved search to only search where % disk space free is less than 10% on production servers. I have read about tagging where I could tag all the production servers. In my saved search I could then update it to include tag=Production. This would then only pull back Production servers.

Is there any other way I could distinguish from within my saved search my production servers from my development servers?

Tags (2)
0 Karma
1 Solution

sdaniels
Splunk Employee
Splunk Employee

Tagging is the best approach in this case. thanks

View solution in original post

sdaniels
Splunk Employee
Splunk Employee

Tagging is the best approach in this case. thanks

sdaniels
Splunk Employee
Splunk Employee

Great point...i should have asked how many servers as well.

0 Karma

araitz
Splunk Employee
Splunk Employee

You could also use a lookup, and I would say that if you have more than a few thousand servers, you should use lookups instead of tags. Aside from that, yeah go for tags.

0 Karma

itsomana
Path Finder

No you are not missing anything. If tagging is designed specifically for this then I will take this approach. Many thanks for your comment.

0 Karma

sdaniels
Splunk Employee
Splunk Employee

Tagging is designed specifically for this and would be the best approach given your need. Is there something i'm missing as to why you wouldn't want to do it this way?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...