What Query should i use to look for a certain directory in Linux Servers where the data is mounted?
So basically suppose linux server name is abdhw003...
so please help me for the query:
index=*_nix_xxxx sourcetype=df host=abdhw003. So in this case I want to find the "/doc" folder in that server, What would be the query for that?
Any help is appreciated, thanks,
Try index=*_nix_xxxx sourcetype=df host=abdhw003 source="/doc*"
I tried:
index=_nix_xxxx sourcetype=df host=abdhw003 MountedOn="/doc" |eval source="/doc*" and that seems to work.
Now I have multiple servers
index=_nix_xxxx sourcetype=df host=abdhw003 OR host=n OR host=n OR host=n or host=n MountedOn="/doc"| eval TotalGBytes= TotalMBytes/1024 | eval UsedGBytes=UsedMbytes/1024 |eval used_pct=100(UsedGBytes/TotalGBytes) | stats max(TotalGBytes) as "MaxSize(GB) max(UsedGBytes) as "UsedSize(GB) as "percentUsed" by MountedOn | search PercentUsed>05| Sort PercentUsed
Now the stats that I am getting is getting totalled(All 5 servers adding each other and showing me a max value) I think as the stats query has max value, How do I show stats of each server at a time? Any Ideas?
Thanks for the help. I appreciate it
Try index=*_nix_xxxx sourcetype=df host=abdhw003 source="/doc*"
Hey Rich,
Thanks for the zipppy response, When I used the one you provide, It did not return any result. It shows
"No results found. Try expanding the time range."
The full query is something like this:
index=_nix_xxxx sourcetype=df host=abdhw003 | eval TotalGBytes= TotalMBytes/1024 | eval UsedGBytes=UsedMbytes/1024 |eval used_pct=100(UsedGBytes/TotalGBytes) | stats max(TotalGBytes) as "MaxSize(GB) max(UsedGBytes) as "UsedSize(GB) as "percentUsed" by MountedOn | search PercentUsed>85| Sort PercentUsed
Start off small and add one statement at a time until the query breaks.
index=_nix_xxxx sourcetype=df host=abdhw003 source="/doc*"
If you get no results then you may have no data indexed from a file in the /doc
path.
Here's an alternative search:
index=_nix_xxxx sourcetype=df host=abdhw003 "/doc*"