Hi!
I have written a PowerShell script to obtain hard disk information for local drives and report it to Splunk.
    # Prefer CIM where available; fall back to WMI on older PowerShell versions
    If(Get-Command -Name 'Get-CimInstance' -ErrorAction SilentlyContinue) {
        $Drives = Get-CimInstance -Query 'SELECT * FROM Win32_LogicalDisk WHERE DriveType=3' -QueryDialect 'WQL'
    } Else {
        $Drives = Get-WmiObject -Query 'SELECT * FROM Win32_LogicalDisk WHERE DriveType=3'
    }
    $Drives | ForEach-Object {
        # PercentFree, UsedGB, FreeGB and IsSystemdrive do not exist on the source object;
        # Select-Object creates them empty so they can be filled in below
        $Drive = $_ | Select-Object FreeSpace,Size,FileSystem,VolumeSerialNumber,PercentFree,UsedGB,FreeGB,@{Name='DriveLetter';Expression={ $_.DeviceID }},IsSystemdrive
        $Drive.PercentFree = [Math]::Round(($Drive.FreeSpace / $Drive.Size * 100),2)
        $Drive.UsedGB = [Math]::Round((($Drive.Size - $Drive.FreeSpace) / 1GB),2)
        $Drive.FreeGB = [Math]::Round(($Drive.FreeSpace / 1GB),2)
        # Flag the drive that holds the Windows installation
        If($Drive.DriveLetter -eq $env:SystemDrive) {
            $Drive.IsSystemdrive = $true
        } Else {
            $Drive.IsSystemdrive = $false
        }
        # Emit the object to the pipeline
        $Drive
    }
This gives me the following result in Splunk for a system with hard disks C and D:

    FreeSpace : 37910388835
    Size : 106847793152
    FileSystem : NTFS
    VolumeSerialNumber : 64A9A098
    PercentFree : 53,54
    UsedGB : 46,23
    FreeGB : 53,28
    DriveLetter : C:
    IsSystemdrive : True

    FreeSpace : 27610488832
    Size : 268432306176
    FileSystem : NTFS
    VolumeSerialNumber : E2651A32
    PercentFree : 10,29
    UsedGB : 224,28
    FreeGB : 25,71
    DriveLetter : D:
    IsSystemdrive : False

My query skills are not the best ... 😞
How can I separate the PowerShell objects (disk C: and D:) in a query? For example, to monitor the system drive only?
This discussion is for learning how to parse such PowerShell objects, not to use other workarounds.
I'm also grateful if someone has tips on how to better prepare (separate) the PowerShell objects for Splunk searches.
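On the last point (preparing the objects for Splunk), one option is to write each drive as a single line of key=value pairs with culture-invariant numbers, so that values such as `53,54` arrive as `53.54` and every drive stands on its own line. This is an added example, not part of the original post; the function name `ConvertTo-SplunkKvLine` and the field layout are assumptions, the sample objects are constructed from the values shown above, and it assumes the Splunk input breaks events per line.

```powershell
# Added example (not the poster's script). ConvertTo-SplunkKvLine is a hypothetical helper.
function ConvertTo-SplunkKvLine {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Disk,
        [string]$SystemDrive = $env:SystemDrive
    )
    begin {
        # Invariant culture forces "." as decimal separator regardless of the host locale
        $inv = [System.Globalization.CultureInfo]::InvariantCulture
        $fmt = 'DriveLetter="{0}" IsSystemDrive={1} FileSystem="{2}" VolumeSerialNumber="{3}" ' +
               'Size={4} FreeSpace={5} PercentFree={6:F2} UsedGB={7:F2} FreeGB={8:F2}'
    }
    process {
        $size = [double]$Disk.Size
        $free = [double]$Disk.FreeSpace
        # Volumes that report no size would cause a division by zero; skip them
        if ($size -le 0) { return }

        $values = [object[]]@(
            $Disk.DeviceID,
            ($Disk.DeviceID -eq $SystemDrive),
            $Disk.FileSystem,
            $Disk.VolumeSerialNumber,
            [uint64]$Disk.Size,
            [uint64]$Disk.FreeSpace,
            ($free / $size * 100),
            (($size - $free) / 1GB),
            ($free / 1GB)
        )
        # One line per drive: each drive can be searched by its own DriveLetter value
        [string]::Format($inv, $fmt, $values)
    }
}

# Constructed sample input using the raw values from the post, so the block runs without WMI.
# On a real host, pipe the $Drives collection from the script above instead.
$sample = @(
    New-Object PSObject -Property @{ DeviceID = 'C:'; FreeSpace = [uint64]37910388835
        Size = [uint64]106847793152; FileSystem = 'NTFS'; VolumeSerialNumber = '64A9A098' }
    New-Object PSObject -Property @{ DeviceID = 'D:'; FreeSpace = [uint64]27610488832
        Size = [uint64]268432306176; FileSystem = 'NTFS'; VolumeSerialNumber = 'E2651A32' }
)
$sample | ConvertTo-SplunkKvLine -SystemDrive 'C:'
```

With the drive letter and the system-drive flag carried as fields on every line, the system drive can be selected in a search by filtering on `IsSystemDrive=True`.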