Solved: Monitoring disk space

steveo2 · ‎06-29-2020

Hi, I'm using the following search to monitor disk space. I have 2 partitions, drive D and E. I am only returning results for drive D. I would have expected results for both. Any thoughts are appreciated. thanks

| rest splunk_server=Splunk01 /services/server/status/partitions-space | eval free = if(isnotnull(available), available, free) | eval usage = round((capacity - free) / 1024, 2) | eval capacity = round(capacity / 1024, 2) | eval compare_usage = usage." / ".capacity | eval pct_usage = round(usage / capacity * 100, 2) | stats first(fs_type) as fs_type first(compare_usage) as compare_usage first(pct_usage) as pct_usage by mount_point | rename mount_point as "Mount Point", fs_type as "File System Type", compare_usage as "Disk Usage (GB)", capacity as "Capacity (GB)", pct_usage as "Disk Usage (%)"

richgalloway · ‎06-29-2020

When you run the rest command by itself, do you see both mount points?

BTW, the rename command references the capacity field, but that field was discarded by stats.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎06-29-2020

When you run the rest command by itself, do you see both mount points?

BTW, the rename command references the capacity field, but that field was discarded by stats.

---
If this reply helps you, Karma would be appreciated.

Monitoring disk space

eval

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!