On Windows, Mark Russinovich who brought us sysinternals, has a 'du' utility. This needs to be downloaded...or: run the "diskuse" command
On UNIX, run:
du -h -s
Run both as a scripted output.
You can have this command set to run every few hours or minutes and of course, Splunk the data. Once the data is in, you can create alerts.
setup for both internal and non-internal indexes.
How about going to Manager » Access controls » Roles » admin Indexes at the bottom and make sure Internal indexes are available; I have run into this before so it is the first thing I typically check. Let me know.
Returns nothing.
Try running this query: index=_internal type="Usage"
This query Splunks data from the license_usage.log file; one of the fields returned is "Pool" among other fields
Thought so. Thanks. So, now that I know that, how can I get license usage for the past week for a specific license pool?
No, because indexes are compressed whereas license usage concerns the uncompressed amount of data.
So, a question on this - does license usage translate to disk storage use?
Are you looking to say these files were modified, added, deleted? Or are you looking to say the hard drive has this much free space and alert me when it is at this level? What is the OS that you want all this on?