Solved: how to find out file systems are using more than 9...

gsrikanth87 · ‎02-04-2015

I ran below script, but it is not working.

sourcetype=df | multikv | dedup host,Filesystem | rex field=UsePct "(?\d+)" | where usage>50 | eval _raw="Filesystem "+Filesystem+" (mount point "+MountedOn+") on host "+host+" is "+UsePct+" full!" | fields - *

richgalloway · ‎02-04-2015

Without a better explanation of "it is not working" it's hard to say exactly what is wrong, but I see a couple of problems with your search. Try this version:

sourcetype=df | multikv | dedup host,Filesystem | rex field=UsePct "(?<usage>\d+)" | where usage>50 | eval _raw="Filesystem "+Filesystem+" (mount point "+MountedOn+") on host "+host+" is "+UsePct+" full!"

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎02-04-2015

Without a better explanation of "it is not working" it's hard to say exactly what is wrong, but I see a couple of problems with your search. Try this version:

sourcetype=df | multikv | dedup host,Filesystem | rex field=UsePct "(?<usage>\d+)" | where usage>50 | eval _raw="Filesystem "+Filesystem+" (mount point "+MountedOn+") on host "+host+" is "+UsePct+" full!"

---
If this reply helps you, Karma would be appreciated.

gsrikanth87 · ‎02-04-2015

Thank you I got it now...

how to find out file systems are using more than 90% space in unix servers?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio