Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I get UsePct

leov123
New Member
‎04-02-2019 02:17 AM

Please tell me know how can I get UsePct data?

I must get the UsePct data which the MountedOn="/tmp" . Already type like below:

index=* sourcetype=df MountedOn="/tmp"
|table host,UsePct

But that hav't any result of UsePct.
Please help me.

I try type like below, but still not good..........

index=* source=df "/tmp"
| multikv fields Filesystem Avail UsePct
| table host,UsePct

Please.......help me....

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎04-02-2019 04:31 AM

you can use either fields Mount or MountedOn and then use the PercentUsedSpace or PercentFreeSpace fields
verify you have them and so something like this:
index=os sourcetype=df MountedOn="\tmp" | stats latest(PercentFreeSpace) as last_free Avg(PercentFreeSpace) as avg_free ... by host

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎04-02-2019 04:31 AM

you can use either fields Mount or MountedOn and then use the PercentUsedSpace or PercentFreeSpace fields
verify you have them and so something like this:
index=os sourcetype=df MountedOn="\tmp" | stats latest(PercentFreeSpace) as last_free Avg(PercentFreeSpace) as avg_free ... by host

0 Karma
Reply
Solved! Jump to solution

leov123
New Member
‎04-02-2019 04:49 AM

Thank you for your answer.

But when I use Mounted or Mount in the Search

the result of Events and Statistics is "No results found. Try expanding the time range. "

However, only type in
index=* sourcetype=df "tmp"
I can get some data of the result

Finally...I type like below

index=* sourcetype=df "/tmp"
| stats latest(PercentUsedSpace) as last_free Avg(PercentUsedSpace) as avg_free by host
| table host,last_free,avg_free

But the last_free and avg_free in table of Statistics still empty.........

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎04-02-2019 04:55 AM

do you see the relevant fields? PercentUsedSpace PercentFreeSpace

0 Karma
Reply
Solved! Jump to solution

leov123
New Member
‎04-02-2019 05:16 AM

Oh, that's why......
My main language isn't English, I got you wrong.

Let me check the relevant fields.......

Thank you very much

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎04-02-2019 03:55 AM

are you using the Nix TA?

0 Karma
Reply
Solved! Jump to solution

leov123
New Member
‎04-02-2019 04:22 AM

yes....but the linux...

Could you help me?

It's driving me nuts...........

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...