Splunk Cloud Platform

Splunk App to monitor folder size

PaulaCom
Path Finder

Good Morning 

Does anyone currently use Splunk or an App in Splunk to monitor folder size? 
We are currently being asked to set up new folders for fileshare for various teams, and as our storage resources are near their end we'd like to monitor each user's folder size.
The ideal scenario would be that there would be a threshold in size put on each folder and when the folder is near capacity then an alert would trigger and the IT Team would take action. 

Kind regards,

 

Paula  

deepakc
Builder

Hi

I can't think of any app that monitors user folder sizes, but it wouldn’t be that hard to set up.

Possible High-Level Steps:

  1. Determine your OS: is it Windows or Linux?
  2. Based on the OS, you can use various Linux commands + a bash script to monitor user folder sizes on a regular basis and output that data into a text log file with a timestamp. You can do the same if it's Windows and use a PowerShell script.
  3. The log file can be monitored at various intervals by Splunk UF + inputs.conf and props.conf.
  4. Once the data is in an index, you can set up thresholds and alerts.

Yes, a bit of homework and scripting, but that’s the flexibility of Splunk and not that hard to do, and you would have created your own private TA.
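The steps in the answer above, sketched for Linux as a bash script that writes one timestamped key=value line per folder; this is an added example, not code from the original post. The share path, log path, size limit, field names, sourcetype and index are all assumptions.

```shell
#!/usr/bin/env bash
# Added example: report the size of each first-level folder under a share
# as key=value log lines for a Splunk Universal Forwarder to pick up.

# folder_size_report BASE_DIR LIMIT_KB [WARN_PCT]
folder_size_report() {
    local base=$1 limit_kb=$2 warn_pct=${3:-80}
    local ts dir size_kb pct status
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue        # no subfolders: the glob stays literal
        dir=${dir%/}
        # -s: total only, -k: 1 KiB units, -x: do not cross filesystems
        size_kb=$(du -skx -- "$dir" 2>/dev/null | cut -f1)
        [ -n "$size_kb" ] || continue    # folder could not be read: skip it
        pct=$(( size_kb * 100 / limit_kb ))
        if [ "$pct" -ge 100 ]; then status=over
        elif [ "$pct" -ge "$warn_pct" ]; then status=warn
        else status=ok; fi
        printf '%s folder="%s" size_kb=%s limit_kb=%s pct_used=%s status=%s\n' \
            "$ts" "${dir##*/}" "$size_kb" "$limit_kb" "$pct" "$status"
    done
}

# When called with arguments, behave as a script, e.g. from cron
# (hypothetical paths, 50 GiB limit per folder):
#   folder_size.sh /srv/fileshare 52428800 >> /var/log/folder_size.log
[ "$#" -lt 2 ] || folder_size_report "$@"

# Matching inputs.conf stanza on the forwarder (sourcetype and index assumed):
#   [monitor:///var/log/folder_size.log]
#   sourcetype = folder_size
#   index = main
```

With the fields extracted at search time, an alert can be a saved search on `status=over` or on `pct_used` above the chosen threshold.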
