Disk usage Alerts

Communicator

I am trying to set up a search and then an alert on our *nix systems' SAN-LUNs storage system. I modified a default *NIX disk usage search; however, it only works with reporting on /dev/sda usage. I do not know how to specify the variables for a SAN storage LUN or BOOT partition.

I have enclosed a copy of my FSTAB file, and a df listing. (Sorry about the formatting?)

FSTAB

/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0

[root@ihswp1 adminmm0]# df -h -T
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00 ext3 9.7G 8.6G 602M 94% /
/dev/sda1 ext3 99M 24M 71M 26% /boot
tmpfs tmpfs 1014M 0 1014M 0% /dev/shm

Any help would be appreciated. Thank you

V

Splunk Employee

You should look at the formatting tools in the input box toolbar. There is a button to format code so that it displays as typed in the box.

Splunk Employee

You should look at the Splunk for Unix app, in particular the df.sh script for collecting information about your disks in a convenient format for Splunk to parse.
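As an added illustration (not part of the thread, and not the Splunk for Unix app's df.sh), this Python sketch normalizes `df -h -T` output into one record per filesystem so that LVM/device-mapper volumes and /boot can be checked against a threshold alongside /dev/sda. The sample listing is constructed from the one in the question, and it assumes a df version that wraps long device names onto their own line; the function names and the 90% limit are hypothetical.

```python
# Constructed sample modelled on the df listing in the question. Some df
# versions wrap a long device-mapper name onto its own line (assumption here).
SAMPLE_DF = """\
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
              ext3    9.7G  8.6G  602M  94% /
/dev/sda1     ext3     99M   24M   71M  26% /boot
tmpfs        tmpfs   1014M     0 1014M   0% /dev/shm
"""

# Pseudo filesystems from the fstab in the question; not useful for disk alerts.
PSEUDO_FS = {"tmpfs", "devpts", "sysfs", "proc"}


def parse_df(text):
    """Return one dict per filesystem, re-joining wrapped device names."""
    rows, pending = [], None
    for line in text.splitlines()[1:]:          # skip the header line
        fields = line.split()
        if not fields:
            continue
        if pending is None and len(fields) == 1:
            pending = fields[0]                 # device name wrapped alone
            continue
        if pending is not None:
            fields, pending = [pending] + fields, None
        if len(fields) < 7:
            continue                            # malformed line, ignore it
        device, fstype, size, used, avail, pct = fields[:6]
        try:
            use_pct = int(pct.rstrip("%"))
        except ValueError:
            continue                            # e.g. "-" for some pseudo mounts
        rows.append({"device": device, "fstype": fstype, "size": size,
                     "used": used, "avail": avail, "use_pct": use_pct,
                     "mount": " ".join(fields[6:])})
    return rows


def over_threshold(rows, limit=90):
    """Filesystems on real storage whose usage is at or above limit percent."""
    return [r for r in rows
            if r["fstype"] not in PSEUDO_FS and r["use_pct"] >= limit]


if __name__ == "__main__":
    for r in over_threshold(parse_df(SAMPLE_DF)):
        print(f'{r["mount"]} on {r["device"]} is {r["use_pct"]}% full')
```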