Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Setting up visual for Disk Space or Free Disk Space/Radial Gauge for Disk Space

carlyleadmin
Contributor
‎12-07-2017 10:01 AM

Hi,

This task was harder than i think or i do not know what i am doing(most likely).Basically i want to put up a nice dashboard(radial gauge) where it shows the disk space over time,or real-time.so if i had 200gb space and i have 30gb free would like to show that on the gauge and over time with progress whether that number goes up or down.cpuld be a percentage as well.i hope this makes sense.here is my WMI.conf file

[WMI:LocalPhysicalDiskInfo]
interval = 300
wql = select Name, FreeSpace, Size from Win32_LogicalDisk
disabled = 0
index = main

i guess the first question would be like,do i need additional WQL statements such as percentage disk space etc?

so this is my search query
index="main" sourcetype="wmi:localphysicaldiskinfo" Name="C:" |

and this is what i got in returnalt text

and result would be something like this if it is not too much work.

alt text

Thanks in advance for all your help.

Tags (1)
Preview file
29 KB
Preview file
104 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎12-07-2017 10:17 AM

To get %, just do this:

index="main" 
sourcetype="wmi:localphysicaldiskinfo" 
Name="C:"
| eval pct = 100 * FreeSpace / Size

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎12-07-2017 10:17 AM

To get %, just do this:

index="main" 
sourcetype="wmi:localphysicaldiskinfo" 
Name="C:"
| eval pct = 100 * FreeSpace / Size
0 Karma
Reply
Solved! Jump to solution

carlyleadmin
Contributor
‎12-07-2017 10:57 AM

Thanks for the quick response Woodcook. i am running this search now and when i try to put it in visualization but that is not working.can you tell me what i am doing wrong please.would this involve a complex search query to make visualization to work.below post mentions something like this https://answers.splunk.com/answers/568907/visual-chart-for-how-much-free-disk-space-is-avail.html

index="main" sourcetype="WMI:LocalPhysicalDiskInfo" Name="C:"|eval pct = 100 * FreeSpace / Size|timechart span=5m avg(pct) by Name

alt text

alt text

Preview file
226 KB
Preview file
274 KB
0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎12-07-2017 12:31 PM

Try this:

index="main" sourcetype="WMI:LocalPhysicalDiskInfo" Name="C:"
| eval pct = 100 * FreeSpace / Size
| chart avg(pct) by Name

Select Radial Gauge visualization and then select Trellis by Name field.

0 Karma
Reply
Solved! Jump to solution

carlyleadmin
Contributor
‎12-07-2017 01:10 PM

Thanks Woodcock.That was it.

0 Karma
Reply
Get Updates on the Splunk Community!

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

Join us on Wed, Dec 10. at 10AM PST / 1PM EST for a live webinar and demo with Splunk experts! Discover how ...

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...