Solved: monitor inode useage

Vinesh93 · ‎03-25-2020

Is there any possible solution to monitor the inode usage of linux system in Splunk?

PavelP · ‎03-26-2020

you need to install an Add-on for Linux and modify/copy its df.sh script, change

CMD='df -TPh'

to

CMD='df -TPhi'

you can remove -h parameter too.

Output will be:

Filesystem   Type              Size        Used       Avail      UsePct    MountedOn
/dev/sda1   ext4               57G         19G         35G         36%    /

and without -h:

Filesystem    Type              Size        Used       Avail      UsePct    MountedOn
/dev/sda1    ext4           7627488      104349     7523139          2%    /

you can modify the FORMAT and HEADER variables in df.sh further to show Inodes/IUsed/IFree/IUse% instead of Size/Used/Avail/UsePct

View solution in original post

PavelP · ‎03-26-2020

you need to install an Add-on for Linux and modify/copy its df.sh script, change

CMD='df -TPh'

to

CMD='df -TPhi'

you can remove -h parameter too.

Output will be:

Filesystem   Type              Size        Used       Avail      UsePct    MountedOn
/dev/sda1   ext4               57G         19G         35G         36%    /

and without -h:

Filesystem    Type              Size        Used       Avail      UsePct    MountedOn
/dev/sda1    ext4           7627488      104349     7523139          2%    /

you can modify the FORMAT and HEADER variables in df.sh further to show Inodes/IUsed/IFree/IUse% instead of Size/Used/Avail/UsePct

Vinesh93 · ‎03-26-2020

@PavelP Thanks a lot, that works like a charm!!!

PavelP · ‎03-26-2020

thank you @Vinesh93 , please accept the answer as solution so everybody can benefit from it

monitor inode useage

other

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes