Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

df by host,mount

cmeo
Contributor
‎01-09-2014 09:49 PM

I'm trying to set up a timechart of disk free by host and mountpoint and this is proving difficult, because timechart will only accept one field for a by clause. This doesn't work because the level of uniqueness is host,mount not host or mount. Let me additionally say I loathed the new version of the NIX app on sight and can't stand the new visualisations. The old versions--which I can't download any more for pointers--did the job fine in my opinion. So all I want is for something like this to work: 

sourcetype=df| timechart span=1h avg(storage_percent_free) AS pctfree by host, mount

and make a nice, old school line chart which you can extrapolate easily...like the old version did.

Anyone know how I get there?

Tags (2)
0 Karma
Reply

jbrodsky_splunk
Splunk Employee
Splunk Employee
‎01-10-2014 01:41 PM

Or something like this?

sourcetype=df index=os | eval hostmount=host.":".mount | timechart avg(storage_free_percent) by hostmount usenull=f
Reply

MuS
SplunkTrust
SplunkTrust
‎01-09-2014 11:29 PM

Hi cmeo,

you can use chart instead to do this:

 sourcetype=df | chart span=1h values(mount) AS mount avg(storage_percent_free) AS pctfree over _time by host

should do the job for you.

cheers, MuS

Reply
Get Updates on the Splunk Community!

Insights from .conf 2025, Smart Edge Processor Scaling, and a New Splunk Lantern ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Machine Learning - Assisted Adaptive Thresholding

Let’s talk thresholding. Have you set up static thresholds? Tired of static thresholds triggering false ...

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

  Ready to master Kubernetes and cloud monitoring like the pros?Join Splunk’s Growth Engineering team for an ...