Hi this may sound like a simple question ...
we are on splunk 4.2
We have a number of linux servers that we are trying to monitor CPU. Memory and Disk statistics against.
for example disk : we go into the splunk *nix then select Disk -> Diskspace used by host , then get the option to select what host I want to graph.
The first graph is fine . it graphs the host . However immediateldy underneath the graph is "latest disk used by host"
I would expect just to see the host here . Instead I see the df -h output from all the other servers. I do not want to see this (ie when i select a host i just want to see the df -h for that host ONLY)
let me know if i have explained this adequatetly . I need to get an answer on this
Thanks
The "latest disk used by host" is populated by the following query in this file:
/opt/splunk/etc/apps/unix/default/data/ui/views/disk_used_by_host.xml
[Latest_Disk_Used_by_Host(1)]
args = host
definition = index="os" sourcetype="df" | dedup host
it could be replaced by:
[Latest_Disk_Used_by_Host(1)]
args = host
definition = index="os" sourcetype="df" host=$host$ | dedup host