Hard Disk Usage and Information on Splunk Server

The following Splunk Query will utilize a “| REST” call to gather information related to disk usage on your Splunk server(s). The following has been modified from the “Distributed Management Console” to be more generic for a copy, paste, and search example.

| rest splunk_server=* /services/server/status/partitions-space | eval free = if(isnotnull(available), available, free) | eval usage = round((capacity - free) / 1024, 2) | eval capacity = round(capacity / 1024, 2) | eval compare_usage = usage." / ".capacity | eval pct_usage = round(usage / capacity * 100, 2) | stats first(fs_type) as fs_type first(compare_usage) as compare_usage first(pct_usage) as pct_usage by mount_point, splunk_server | rename mount_point as "Mount Point", fs_type as "File System Type", compare_usage as "Disk Usage (GB)", capacity as "Capacity (GB)", pct_usage as "Disk Usage (%)" splunk_server as "Splunk Server" | sort - "Splunk Server"

Splunk Query Repository

Hard Disk Usage and Information on Splunk Server

Leave A Comment? Click here to cancel reply.

Splunk Query Repository

Hard Disk Usage and Information on Splunk Server

Related Queries

Get Fields Defined for Multiple KVStore Collections

REST Call for a list of Alert actions (Webhook_sms or Email or notable or ..)

REST Call for a get details about Alert cron_schedules

Leave A Comment? Click here to cancel reply.