Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to estimate number of days left for disk to full?

venky1544
Builder
‎07-10-2023 03:43 AM

Hi 

i have dataset where data is ingested into  splunk once a day at 5PM everyday

Below is the dataset  USED_SPACE and TOTAL SPACE are in MB 

date=10/07/2023 17:00:00 drive=HD USED_SPACE=10 TOTAL_space=100

date=09/07/2023 17:00:00 drive=HD USED_SPACE=12 TOTAL_space=100

date=08/07/2023 17:00:00 drive=HD USED_SPACE=13 TOTAL_space=100

date=07/07/2023 17:00:00 drive=HD USED_SPACE=10 TOTAL_space=100

Based on the growth of the used_space per day i want to calculate the days left for the drive to reach TOTAL space basically in how many days would it reach for Total space need a separate column as days remaining 

 

Labels (1)
Labels
0 Karma
Reply

GaetanVP
Contributor
‎07-10-2023 04:12 AM

Hello @venky1544,

I do not understand 100% of your problem,

How exactly do you receive / ingest the data ? Once a day you will have a new line inside your dataset ? Would you be able to share a screenshot of a Splunk Search where you display those data ? 

Also I am surprise that your USED_SPACE does not grows from 07 to 10, it goes 10 to 13 to 10MB again ?

Regards,

GaetanVP

0 Karma
Reply

venky1544
Builder
‎07-10-2023 05:17 AM

Hi @GaetanVP 

the data is coming from a file. its once  a day so everyday you will have a new line appended to the file why the surprise, space in a drive doesn't mean it should always go linearly from 7  to 10. somedays some might copy total 13MB of files someday some might copy and delete so space in disk would change to 10MB 

i hope it clears your confusion

Thanks

 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎07-10-2023 04:33 AM

Hi

you could use splunk to predict used disk space. See function predict from command documentation and there are some examples on net/community. 
r. Ismo 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Search APIを使えば調査過程が残せます

   このゲストブログは、JCOM株式会社の情報セキュリティ本部・専任部長である渡辺慎太郎氏によって執筆されました。 Note: This article is published in both Japanese ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...