Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I get UsePct

leov123
New Member
‎04-02-2019 02:17 AM

Please tell me know how can I get UsePct data?

I must get the UsePct data which the MountedOn="/tmp" . Already type like below:

index=* sourcetype=df MountedOn="/tmp"
|table host,UsePct

But that hav't any result of UsePct.
Please help me.

I try type like below, but still not good..........

index=* source=df "/tmp"
| multikv fields Filesystem Avail UsePct
| table host,UsePct

Please.......help me....

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎04-02-2019 04:31 AM

you can use either fields Mount or MountedOn and then use the PercentUsedSpace or PercentFreeSpace fields
verify you have them and so something like this:
index=os sourcetype=df MountedOn="\tmp" | stats latest(PercentFreeSpace) as last_free Avg(PercentFreeSpace) as avg_free ... by host

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎04-02-2019 04:31 AM

you can use either fields Mount or MountedOn and then use the PercentUsedSpace or PercentFreeSpace fields
verify you have them and so something like this:
index=os sourcetype=df MountedOn="\tmp" | stats latest(PercentFreeSpace) as last_free Avg(PercentFreeSpace) as avg_free ... by host

0 Karma
Reply
Solved! Jump to solution

leov123
New Member
‎04-02-2019 04:49 AM

Thank you for your answer.

But when I use Mounted or Mount in the Search

the result of Events and Statistics is "No results found. Try expanding the time range. "

However, only type in
index=* sourcetype=df "tmp"
I can get some data of the result

Finally...I type like below

index=* sourcetype=df "/tmp"
| stats latest(PercentUsedSpace) as last_free Avg(PercentUsedSpace) as avg_free by host
| table host,last_free,avg_free

But the last_free and avg_free in table of Statistics still empty.........

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎04-02-2019 04:55 AM

do you see the relevant fields? PercentUsedSpace PercentFreeSpace

0 Karma
Reply
Solved! Jump to solution

leov123
New Member
‎04-02-2019 05:16 AM

Oh, that's why......
My main language isn't English, I got you wrong.

Let me check the relevant fields.......

Thank you very much

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎04-02-2019 03:55 AM

are you using the Nix TA?

0 Karma
Reply
Solved! Jump to solution

leov123
New Member
‎04-02-2019 04:22 AM

yes....but the linux...

Could you help me?

It's driving me nuts...........

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...