Solved: How do I determine a users current disk quota?

Lowell · ‎08-24-2012

I recently ran into some issues with user's disk quota. I've increased the defaults a bit, but I can't seem to find an easy way to determine a users current usage. (Actually, I couldn't find any jobs for the user, so something weird was happening.)

Is there a REST call for this? Obviously this information is somewhere, because I can see in splunkd.log the current disk space used when a user violates their limits. It would be nice to be able to know if a user is getting close to their limit. Or, after they've hit a limit to know how much spaces they've cleaned up.

Is there any way to do this (preferable, from within Splunk)?

_d_ · ‎08-25-2012

Try this search on your search head:

| rest splunk_server=local /services/search/jobs | eval diskUsageMB=diskUsage/1024/1024 | stats sum(diskUsageMB) by eai:acl.owner

Hope this helps.

d.

View solution in original post

_d_ · ‎08-25-2012

Try this search on your search head:

| rest splunk_server=local /services/search/jobs | eval diskUsageMB=diskUsage/1024/1024 | stats sum(diskUsageMB) by eai:acl.owner

Hope this helps.

d.

Lowell · ‎08-28-2012

In my initial use case, there were no jobs listed for the user who supposedly used up their quota when I looked in the "Job Manager", which is why I was wondering if there was a more direct way to get at this value. (But perhaps, internally, each splunk process iterates the entire dispatch folder and sums it up as you search does. I'm not sure.) I had created that user only earlier that afternoon.

Lowell · ‎08-28-2012

The rest search shown here never seems to return more than 500 results. But there are more than 500 directories under $SPLUNK_HOME/var/run/splunk/dispatch so I must be hitting some kind of limit somewhere.

How do I determine a users current disk quota?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes